Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 861d5db0 by security tracker role at 2018-11-01T20:10:19Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,7 @@ +CVE-2018-18894 + RESERVED +CVE-2018-18893 + RESERVED CVE-2018-18892 (MiniCMS 1.10 allows execution of arbitrary PHP code via the install.php ...) NOT-FOR-US: MiniCMS CVE-2018-18891 (MiniCMS 1.10 allows file deletion via ...) @@ -246,12 +250,12 @@ CVE-2018-18779 RESERVED CVE-2018-18778 (ACME mini_httpd before 1.30 lets remote users read arbitrary files. ...) - mini-httpd <unfixed> -CVE-2018-18777 - RESERVED -CVE-2018-18776 - RESERVED -CVE-2018-18775 - RESERVED +CVE-2018-18777 (Directory traversal vulnerability in Microstrategy Web, version 7, in ...) + TODO: check +CVE-2018-18776 (Microstrategy Web, version 7, does not sufficiently encode ...) + TODO: check +CVE-2018-18775 (Microstrategy Web, version 7, does not sufficiently encode ...) + TODO: check CVE-2018-18774 RESERVED CVE-2018-18773 @@ -380,8 +384,8 @@ CVE-2018-18716 RESERVED CVE-2018-18715 RESERVED -CVE-2018-18714 - RESERVED +CVE-2018-18714 (RegFilter.sys in IOBit Malware Fighter 6.2 and earlier is susceptible ...) + TODO: check CVE-2018-18713 (The function down_sql_action() in /admin/model/database.class.php in ...) NOT-FOR-US: PHPYun CVE-2018-18712 (An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF ...) @@ -433,8 +437,8 @@ CVE-2018-18697 RESERVED CVE-2018-18696 RESERVED -CVE-2018-18695 - RESERVED +CVE-2018-18695 (M2SOFT Report Designer Viewer 5.0 allows a Buffer Overflow with ...) + TODO: check CVE-2018-18694 (admin/index.php?id=filesmanager in Monstra CMS 3.0.4 allows remote ...) NOT-FOR-US: Monstra CMS CVE-2018-18693 @@ -8505,8 +8509,8 @@ CVE-2018-15456 RESERVED CVE-2018-15455 RESERVED -CVE-2018-15454 - RESERVED +CVE-2018-15454 (A vulnerability in the Session Initiation Protocol (SIP) inspection ...) + TODO: check CVE-2018-15453 RESERVED CVE-2018-15452 @@ -10309,8 +10313,7 @@ CVE-2018-14661 (It was found that usage of snprintf function in feature/locks .. NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1636880 NOTE: https://review.gluster.org/#/c/glusterfs/+/21532/ -CVE-2018-14660 - RESERVED +CVE-2018-14660 (A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 ...) - glusterfs <unfixed> NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1635926 @@ -21232,10 +21235,10 @@ CVE-2018-10589 (In Advantech WebAccess versions V8.2_20170817 and prior, WebAcce NOT-FOR-US: Advantech CVE-2018-10588 RESERVED -CVE-2018-10587 - RESERVED -CVE-2018-10586 - RESERVED +CVE-2018-10587 (NetGain Enterprise Manager (EM) is affected by OS Command Injection ...) + TODO: check +CVE-2018-10586 (NetGain Enterprise Manager (EM) is affected by multiple Stored ...) + TODO: check CVE-2018-10585 RESERVED CVE-2018-10584 @@ -29728,8 +29731,8 @@ CVE-2018-7358 RESERVED CVE-2018-7357 RESERVED -CVE-2018-7356 - RESERVED +CVE-2018-7356 (All versions up to V3.03.10.B23P2 of ZTE ZXR10 8905E product are ...) + TODO: check CVE-2018-7355 (All versions up to V1.0.0B05 of ZTE MF65 and all versions up to ...) NOT-FOR-US: ZTE CVE-2018-7354 @@ -31237,14 +31240,14 @@ CVE-2018-6911 (The VBWinExec function in Node\AspVBObj.dll in Advantech WebAcces NOT-FOR-US: Advantech WebAccess CVE-2018-6910 (DedeCMS 5.7 allows remote attackers to discover the full path via a ...) NOT-FOR-US: DedeCMS -CVE-2018-6909 - RESERVED -CVE-2018-6908 - RESERVED -CVE-2018-6907 - RESERVED -CVE-2018-6906 - RESERVED +CVE-2018-6909 (A missing X-Frame-Options header in the Green Electronics RainMachine ...) + TODO: check +CVE-2018-6908 (An authentication bypass vulnerability exists in the Green Electronics ...) + TODO: check +CVE-2018-6907 (A Cross Site Request Forgery (CSRF) vulnerability in the Green ...) + TODO: check +CVE-2018-6906 (A persistent Cross Site Scripting (XSS) vulnerability in the Green ...) + TODO: check CVE-2018-6905 (The page module in TYPO3 before 8.7.11, and 9.1.0, has XSS via ...) - typo3-src <removed> [wheezy] - typo3-src <end-of-life> @@ -34372,10 +34375,10 @@ CVE-2018-6014 (Subsonic v6.1.3 has an insecure allow-access-from domain="*& NOT-FOR-US: Subsonic CVE-2018-6013 (Cross-site scripting (XSS) in BigTree 4.2.19 allows any remote users to ...) NOT-FOR-US: BigTree CMS -CVE-2018-6012 - RESERVED -CVE-2018-6011 - RESERVED +CVE-2018-6012 (The 'Weather Service' feature of the Green Electronics RainMachine ...) + TODO: check +CVE-2018-6011 (The time-based one-time-password (TOTP) function in the application ...) + TODO: check CVE-2018-6010 (In Yii Framework 2.x before 2.0.14, remote attackers could obtain ...) NOT-FOR-US: Yii Framework CVE-2018-6009 (In Yii Framework 2.x before 2.0.14, the switchIdentity function in ...) @@ -39694,8 +39697,8 @@ CVE-2018-3979 RESERVED CVE-2018-3978 (An exploitable out-of-bounds write vulnerability exists in the Word ...) NOT-FOR-US: Atlantis Word Processor -CVE-2018-3977 - RESERVED +CVE-2018-3977 (An exploitable code execution vulnerability exists in the XCF image ...) + TODO: check CVE-2018-3976 RESERVED CVE-2018-3975 (An exploitable uninitialized variable vulnerability exists in the ...) @@ -39754,8 +39757,8 @@ CVE-2018-3949 RESERVED CVE-2018-3948 RESERVED -CVE-2018-3947 - RESERVED +CVE-2018-3947 (An exploitable information disclosure vulnerability exists in the ...) + TODO: check CVE-2018-3946 (An exploitable use-after-free vulnerability exists in the JavaScript ...) NOT-FOR-US: Foxit Software's Foxit PDF Reader CVE-2018-3945 (An exploitable use-after-free vulnerability exists in the JavaScript ...) @@ -39792,8 +39795,8 @@ CVE-2018-3930 (In Antenna House Office Server Document Converter version V6.1 Pr NOT-FOR-US: Microsoft CVE-2018-3929 (An exploitable heap corruption exists in the PowerPoint document ...) NOT-FOR-US: Microsoft -CVE-2018-3928 - RESERVED +CVE-2018-3928 (An exploitable code execution vulnerability exists in the firmware ...) + TODO: check CVE-2018-3927 (An exploitable information disclosure vulnerability exists in the ...) NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices CVE-2018-3926 (An exploitable integer underflow vulnerability exists in the ZigBee ...) @@ -39828,8 +39831,8 @@ CVE-2018-3912 (On Samsung SmartThings Hub STH-ETH-250 devices with firmware vers NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices CVE-2018-3911 (An exploitable HTTP header injection vulnerability exists in the ...) NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices -CVE-2018-3910 - RESERVED +CVE-2018-3910 (An exploitable code execution vulnerability exists in the cloud OTA ...) + TODO: check CVE-2018-3909 (An exploitable vulnerability exists in the REST parser of video-core's ...) NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices CVE-2018-3908 (An exploitable vulnerability exists in the REST parser of video-core's ...) @@ -39848,8 +39851,8 @@ CVE-2018-3902 (An exploitable buffer overflow vulnerability exists in the camera NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices CVE-2018-3901 RESERVED -CVE-2018-3900 - RESERVED +CVE-2018-3900 (An exploitable code execution vulnerability exists in the QR code ...) + TODO: check CVE-2018-3899 RESERVED CVE-2018-3898 @@ -126476,8 +126479,7 @@ CVE-2016-2125 (It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 alwa NOTE: Patch (with some more) here: https://download.samba.org/pub/samba/patches/security/samba-4.3.12-security-20016-12-19.patch CVE-2016-2124 RESERVED -CVE-2016-2123 [Samba NDR Parsing ndr_pull_dnsp_name Heap-based Buffer Overflow Remote Code Execution Vulnerability] - RESERVED +CVE-2016-2123 (A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine ...) {DSA-3740-1} - samba 2:4.5.2+dfsg-2 [wheezy] - samba <not-affected> (Affects only Samba 4.0.0 to 4.5.2) @@ -126490,8 +126492,7 @@ CVE-2016-2121 (A permissions flaw was found in redis, which sets weak permission [wheezy] - redis <no-dsa> (minor issue, details see #842987) NOTE: Might be Red Hat-specific, needs investigation NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1374700 -CVE-2016-2120 [Crafted zone record can cause a denial of service] - RESERVED +CVE-2016-2120 (An issue has been found in PowerDNS Authoritative Server versions up ...) {DSA-3764-1 DLA-798-1} - pdns 4.0.2-1 NOTE: https://doc.powerdns.com/md/security/powerdns-advisory-2016-05/ @@ -262140,7 +262141,7 @@ CVE-2009-0691 (The Foxit JPEG2000/JBIG2 Decoder add-on before 2.0.2009.616 for F CVE-2009-0690 (The Foxit JPEG2000/JBIG2 Decoder add-on before 2.0.2009.616 for Foxit ...) NOT-FOR-US: Foxit JPEG2000/JBIG2 Decoder add-on CVE-2009-0689 (Array index error in the (1) dtoa implementation in dtoa.c (aka ...) - {DSA-1998-1 DSA-1931-1 DLA-376-1} + {DSA-1998-1 DSA-1931-1 DLA-1564-1 DLA-376-1} - nspr 4.8-2 [etch] - nspr <end-of-life> (Mozilla packages from oldstable no longer covered by security support) - kdelibs 4:3.5.10.dfsg.1-3 (medium; bug #559265) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/861d5db030297cb91a9e2dad9ed6827d40d512ea -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/861d5db030297cb91a9e2dad9ed6827d40d512ea You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits