Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2bf1a0cd by security tracker role at 2018-10-31T20:10:21Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2018-18882
+       RESERVED
+CVE-2018-18881
+       RESERVED
+CVE-2018-18880
+       RESERVED
+CVE-2018-18879
+       RESERVED
+CVE-2018-18878
+       RESERVED
+CVE-2018-18877
+       RESERVED
+CVE-2018-18876
+       RESERVED
+CVE-2018-18875
+       RESERVED
+CVE-2018-18874 (nc-cms through 2017-03-10 allows remote attackers to execute 
arbitrary ...)
+       TODO: check
+CVE-2018-18873 (An issue was discovered in JasPer 2.0.14. There is a NULL 
pointer ...)
+       TODO: check
+CVE-2018-18872
+       RESERVED
+CVE-2018-18871
+       RESERVED
 CVE-2018-18870
        RESERVED
 CVE-2018-18869 (EmpireCMS V7.5 allows remote attackers to upload and execute 
arbitrary ...)
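Review bot: the two `TODO: check` entries (CVE-2018-18874 for nc-cms and CVE-2018-18873 for JasPer) are left untriaged; each should be resolved to either a source-package line with a fixed version or a `NOT-FOR-US:` marker, as the hunks further down do for software that is not packaged. The JasPer one deserves priority, since the description names a NULL pointer issue in a specific release (2.0.14), which makes it straightforward to compare against the packaged version.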
@@ -4884,22 +4908,19 @@ CVE-2018-16844
        RESERVED
 CVE-2018-16843
        RESERVED
-CVE-2018-16842 [warning message out-of-buffer read]
-       RESERVED
+CVE-2018-16842 (Curl versions 7.14.1 through 7.61.1 are vulnerable to a 
heap-based ...)
        - curl <unfixed>
        NOTE: https://curl.haxx.se/docs/CVE-2018-16842.html
        NOTE: Fixed by: 
https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211
 CVE-2018-16841
        RESERVED
-CVE-2018-16840 [use-after-free in handle close]
-       RESERVED
+CVE-2018-16840 (A heap use-after-free flaw was found in curl versions from 
7.59.0 ...)
        - curl <unfixed>
        [stretch] - curl <not-affected> (Use-after-free issue introduced later)
        NOTE: https://curl.haxx.se/docs/CVE-2018-16840.html
        NOTE: Fixed by: 
https://github.com/curl/curl/commit/81d135d67155c5295b1033679c606165d4e28f3f
        NOTE: Introduced by: 
https://github.com/curl/curl/commit/b46cfbc068ebe90f18e9777b9e877e4934c1b5e3
-CVE-2018-16839 [SASL password overflow via integer overflow]
-       RESERVED
+CVE-2018-16839 (Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer 
overrun ...)
        - curl <unfixed>
        NOTE: https://curl.haxx.se/docs/CVE-2018-16839.html
        NOTE: Fixed by: 
https://github.com/curl/curl/commit/f3a24d7916b9173c69a3e0ee790102993833d6c5
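Review bot: CVE-2018-16842 and CVE-2018-16839 carry only `- curl <unfixed>` with no per-suite line, whereas CVE-2018-16840 in the same hunk records `[stretch] - curl <not-affected> (Use-after-free issue introduced later)`. The descriptions give affected ranges of 7.14.1 through 7.61.1 and 7.33.0 through 7.61.1, so the stable and oldstable curl packages should be checked against those ranges and given an explicit suite line (or a DSA reference) rather than leaving their status implicit.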
@@ -8724,28 +8745,28 @@ CVE-2018-15329
        RESERVED
 CVE-2018-15328
        RESERVED
-CVE-2018-15327
-       RESERVED
-CVE-2018-15326
-       RESERVED
-CVE-2018-15325
-       RESERVED
-CVE-2018-15324
-       RESERVED
-CVE-2018-15323
-       RESERVED
-CVE-2018-15322
-       RESERVED
-CVE-2018-15321
-       RESERVED
-CVE-2018-15320
-       RESERVED
-CVE-2018-15319
-       RESERVED
-CVE-2018-15318
-       RESERVED
-CVE-2018-15317
-       RESERVED
+CVE-2018-15327 (In BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1 or Enterprise 
Manager ...)
+       TODO: check
+CVE-2018-15326 (In some situations on BIG-IP APM 14.0.0-14.0.0.2, 
13.0.0-13.1.0.7, ...)
+       TODO: check
+CVE-2018-15325 (In BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, iControl and 
TMSH usage ...)
+       TODO: check
+CVE-2018-15324 (On BIG-IP APM 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, TMM may 
restart when ...)
+       TODO: check
+CVE-2018-15323 (On BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, in certain ...)
+       TODO: check
+CVE-2018-15322 (On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 
...)
+       TODO: check
+CVE-2018-15321 (When BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 
...)
+       TODO: check
+CVE-2018-15320 (On BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, undisclosed 
traffic ...)
+       TODO: check
+CVE-2018-15319 (On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 
12.1.0-12.1.3.6, ...)
+       TODO: check
+CVE-2018-15318 (In BIG-IP 14.0.0-14.0.0.2, 13.1.0.4-13.1.1.1, or 
12.1.3.4-12.1.3.6, if ...)
+       TODO: check
+CVE-2018-15317 (In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 
...)
+       TODO: check
 CVE-2018-15316 (In F5 BIG-IP APM 13.0.0-13.1.1.1, APM Client 7.1.5-7.1.6, 
and/or Edge ...)
        NOT-FOR-US: F5 BIG-IP
 CVE-2018-15315 (On F5 BIG-IP 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is a 
reflected ...)
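Review bot: all eleven BIG-IP entries (CVE-2018-15317 through CVE-2018-15327) are imported as `TODO: check`, while the unchanged neighbours CVE-2018-15316 and CVE-2018-15315 are already marked `NOT-FOR-US: F5 BIG-IP`. Since every one of the new descriptions names BIG-IP or BIG-IP APM, these can be resolved to the same `NOT-FOR-US: F5 BIG-IP` marker in one pass instead of staying as open TODOs.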
@@ -10268,8 +10289,7 @@ CVE-2018-14660
        - glusterfs <unfixed>
        NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1635926
-CVE-2018-14659
-       RESERVED
+CVE-2018-14659 (The Gluster file system through versions 4.1.4 and 3.1.2 is 
vulnerable ...)
        - glusterfs <unfixed>
        NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1635929
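Review bot: the imported description for CVE-2018-14659 says "through versions 4.1.4 and 3.1.2", while the sibling Gluster entries in the next hunk (CVE-2018-14653 and CVE-2018-14652) say "4.1.4 and 3.12"; the `3.1.2` looks like an upstream typo for the 3.12 branch and is worth confirming against the oss-security post already linked in the NOTE line before relying on it for suite triage.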
@@ -10284,18 +10304,15 @@ CVE-2018-14656 (A missing address check in the 
callers of the show_opcodes() in
        NOTE: Fixed by: 
https://git.kernel.org/linus/342db04ae71273322f0011384a9ed414df8bdae4
 CVE-2018-14655
        RESERVED
-CVE-2018-14654
-       RESERVED
+CVE-2018-14654 (The Gluster file system through version 4.1.4 is vulnerable to 
abuse ...)
        - glusterfs <unfixed>
        NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1631576
-CVE-2018-14653
-       RESERVED
+CVE-2018-14653 (The Gluster file system through versions 4.1.4 and 3.12 is 
vulnerable ...)
        - glusterfs <unfixed>
        NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1633431
-CVE-2018-14652
-       RESERVED
+CVE-2018-14652 (The Gluster file system through versions 3.12 and 4.1.4 is 
vulnerable ...)
        - glusterfs <unfixed>
        NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1632974
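Review bot: CVE-2018-14654, CVE-2018-14653 and CVE-2018-14652 all keep `- glusterfs <unfixed>` with no `[stretch]` or `[jessie]` line, even though each now has an upstream range ("through version 4.1.4", "4.1.4 and 3.12") and links to the same oss-security post plus a Red Hat bugzilla; the suite status of the packaged glusterfs versions should be recorded here once those references have been read, following the `[stretch] - ... <not-affected> (...)` form used in the curl hunk.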
@@ -13740,10 +13757,10 @@ CVE-2018-13284
        RESERVED
 CVE-2018-13283
        RESERVED
-CVE-2018-13282
-       RESERVED
-CVE-2018-13281
-       RESERVED
+CVE-2018-13282 (Session fixation vulnerability in SYNO.PhotoStation.Auth in 
Synology ...)
+       TODO: check
+CVE-2018-13281 (Information exposure vulnerability in SYNO.Core.ACL in 
Synology ...)
+       TODO: check
 CVE-2018-13280 (Use of insufficiently random values vulnerability in ...)
        NOT-FOR-US: Synology
 CVE-2018-13279
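Review bot: the two Synology entries (CVE-2018-13282 and CVE-2018-13281) are left as `TODO: check` although the adjacent CVE-2018-13280 is `NOT-FOR-US: Synology` and both new descriptions name Synology components (SYNO.PhotoStation.Auth, SYNO.Core.ACL); they can be closed with the same marker.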
@@ -45779,8 +45796,8 @@ CVE-2018-1853
        RESERVED
 CVE-2018-1852
        RESERVED
-CVE-2018-1851
-       RESERVED
+CVE-2018-1851 (IBM WebSphere Application Server Liberty OpenID Connect could 
allow a ...)
+       TODO: check
 CVE-2018-1850 (IBM Security Access Manager Appliance 9.0.3.1, 9.0.4.0 and 
9.0.5.0 ...)
        NOT-FOR-US: IBM
 CVE-2018-1849
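Review bot: CVE-2018-1851 (IBM WebSphere Application Server Liberty OpenID Connect) is left as `TODO: check` while the neighbouring CVE-2018-1850 is `NOT-FOR-US: IBM`; unless WebSphere Liberty is packaged, this entry should get the same `NOT-FOR-US: IBM` marker.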
@@ -70101,7 +70118,7 @@ CVE-2017-11108 (tcpdump 4.9.0 allows remote attackers 
to cause a denial of servi
        NOTE: Proposed patch: 
https://github.com/the-tcpdump-group/tcpdump/pull/617
        NOTE: 
https://github.com/the-tcpdump-group/tcpdump/commit/d9e65de3d94698ec90dbca42962a30dd2f0680e1
 (4.9.1)
 CVE-2017-11107 (phpLDAPadmin through 1.2.3 has XSS in htdocs/entry_chooser.php 
via the ...)
-       {DLA-1019-1}
+       {DLA-1561-1 DLA-1019-1}
        - phpldapadmin <unfixed> (bug #867719)
        NOTE: https://github.com/leenooks/phpLDAPadmin/issues/50
        NOTE: 
https://bugs.launchpad.net/ubuntu/+source/phpldapadmin/+bug/1701731
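Review bot: the DLA reference for CVE-2017-11107 now lists `{DLA-1561-1 DLA-1019-1}`, but the package line is still `- phpldapadmin <unfixed> (bug #867719)`; with a second LTS advisory now recorded for the same CVE, it is worth checking whether the patch shipped in DLA-1561-1 can be applied to the unstable package so that bug #867719 can be closed and the `<unfixed>` state updated.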
@@ -112443,8 +112460,7 @@ CVE-2016-6345 (RESTEasy allows remote authenticated 
users to obtain sensitive ..
        - resteasy3.0 <undetermined>
 CVE-2016-6344 (Red Hat JBoss BPM Suite 6.3.x does not include the HTTPOnly 
flag in a ...)
        NOT-FOR-US: Red Hat JBoss bpm Suite
-CVE-2016-6343
-       RESERVED
+CVE-2016-6343 (JBoss BPM Suite 6 is vulnerable to a reflected XSS via 
dashbuilder. ...)
        NOT-FOR-US: JBoss BPMS
 CVE-2016-6342 (elog 3.1.1 allows remote attackers to post data as any username 
in the ...)
        - elog 3.1.2-1-1 (bug #836505)
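Review bot: the new `NOT-FOR-US: JBoss BPMS` for CVE-2016-6343 spells the product differently from the adjacent `NOT-FOR-US: Red Hat JBoss bpm Suite` (CVE-2016-6344); the markers are free text, but a consistent product name makes it easier to grep the list for all entries of one vendor.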
@@ -115667,8 +115683,7 @@ CVE-2016-5403 (The virtqueue_pop function in 
hw/virtio/virtio.c in QEMU allows l
        - qemu 1:2.6+dfsg-3.1 (bug #832619)
        [jessie] - qemu <no-dsa> (Minor issue; can be fixed in future DSA or 
point release)
        - qemu-kvm <removed>
-CVE-2016-5402
-       RESERVED
+CVE-2016-5402 (A code injection flaw was found in the way capacity and 
utilization ...)
        NOT-FOR-US: Red Hat CloudForms
 CVE-2016-5401 (Cross-site request forgery (CSRF) vulnerability in Red Hat 
JBoss BRMS ...)
        NOT-FOR-US: JBoss BPMS business-central
@@ -126436,8 +126451,7 @@ CVE-2016-2123 [Samba NDR Parsing ndr_pull_dnsp_name 
Heap-based Buffer Overflow R
        NOTE: https://www.samba.org/samba/security/CVE-2016-2123.html
 CVE-2016-2122
        RESERVED
-CVE-2016-2121 [weak permissions on sensitive files]
-       RESERVED
+CVE-2016-2121 (A permissions flaw was found in redis, which sets weak 
permissions on ...)
        - redis 3:3.2.5-2 (bug #842987)
        [jessie] - redis <no-dsa> (Minor issue)
        [wheezy] - redis <no-dsa> (minor issue, details see #842987)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/2bf1a0cd576c12ac6d5cf9494a374c6ec80d3ed7

-- 
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
