Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
861d5db0 by security tracker role at 2018-11-01T20:10:19Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,7 @@
+CVE-2018-18894
+       RESERVED
+CVE-2018-18893
+       RESERVED
 CVE-2018-18892 (MiniCMS 1.10 allows execution of arbitrary PHP code via the 
install.php ...)
        NOT-FOR-US: MiniCMS
 CVE-2018-18891 (MiniCMS 1.10 allows file deletion via ...)
@@ -246,12 +250,12 @@ CVE-2018-18779
        RESERVED
 CVE-2018-18778 (ACME mini_httpd before 1.30 lets remote users read arbitrary 
files. ...)
        - mini-httpd <unfixed>
-CVE-2018-18777
-       RESERVED
-CVE-2018-18776
-       RESERVED
-CVE-2018-18775
-       RESERVED
+CVE-2018-18777 (Directory traversal vulnerability in Microstrategy Web, 
version 7, in ...)
+       TODO: check
+CVE-2018-18776 (Microstrategy Web, version 7, does not sufficiently encode ...)
+       TODO: check
+CVE-2018-18775 (Microstrategy Web, version 7, does not sufficiently encode ...)
+       TODO: check
 CVE-2018-18774
        RESERVED
 CVE-2018-18773
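Review bot: CVE-2018-18777, CVE-2018-18776 and CVE-2018-18775 land as `TODO: check` even though all three descriptions name the same product, Microstrategy Web, version 7. Triage them together and, if that product is not packaged in Debian, use the form the neighbouring entries already follow (for example `NOT-FOR-US: MiniCMS` at the top of the file) so the three do not linger as open TODOs.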
@@ -380,8 +384,8 @@ CVE-2018-18716
        RESERVED
 CVE-2018-18715
        RESERVED
-CVE-2018-18714
-       RESERVED
+CVE-2018-18714 (RegFilter.sys in IOBit Malware Fighter 6.2 and earlier is 
susceptible ...)
+       TODO: check
 CVE-2018-18713 (The function down_sql_action() in 
/admin/model/database.class.php in ...)
        NOT-FOR-US: PHPYun
 CVE-2018-18712 (An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF 
...)
@@ -433,8 +437,8 @@ CVE-2018-18697
        RESERVED
 CVE-2018-18696
        RESERVED
-CVE-2018-18695
-       RESERVED
+CVE-2018-18695 (M2SOFT Report Designer Viewer 5.0 allows a Buffer Overflow 
with ...)
+       TODO: check
 CVE-2018-18694 (admin/index.php?id=filesmanager in Monstra CMS 3.0.4 allows 
remote ...)
        NOT-FOR-US: Monstra CMS
 CVE-2018-18693
@@ -8505,8 +8509,8 @@ CVE-2018-15456
        RESERVED
 CVE-2018-15455
        RESERVED
-CVE-2018-15454
-       RESERVED
+CVE-2018-15454 (A vulnerability in the Session Initiation Protocol (SIP) 
inspection ...)
+       TODO: check
 CVE-2018-15453
        RESERVED
 CVE-2018-15452
@@ -10309,8 +10313,7 @@ CVE-2018-14661 (It was found that usage of snprintf 
function in feature/locks ..
        NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1636880
        NOTE: https://review.gluster.org/#/c/glusterfs/+/21532/
-CVE-2018-14660
-       RESERVED
+CVE-2018-14660 (A flaw was found in glusterfs server through versions 4.1.4 
and 3.1.2 ...)
        - glusterfs <unfixed>
        NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1635926
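Review bot: the CVE-2018-14660 entry keeps `- glusterfs <unfixed>` with no bug number or urgency after the package name, unlike lines such as `- kdelibs 4:3.5.10.dfsg.1-3 (medium; bug #559265)` elsewhere in this file. Now that the description is public and gives affected versions ("through versions 4.1.4 and 3.1.2"), record the tracking bug on that line if one has been filed, so the open status can be followed per release.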
@@ -21232,10 +21235,10 @@ CVE-2018-10589 (In Advantech WebAccess versions 
V8.2_20170817 and prior, WebAcce
        NOT-FOR-US: Advantech
 CVE-2018-10588
        RESERVED
-CVE-2018-10587
-       RESERVED
-CVE-2018-10586
-       RESERVED
+CVE-2018-10587 (NetGain Enterprise Manager (EM) is affected by OS Command 
Injection ...)
+       TODO: check
+CVE-2018-10586 (NetGain Enterprise Manager (EM) is affected by multiple Stored 
...)
+       TODO: check
 CVE-2018-10585
        RESERVED
 CVE-2018-10584
@@ -29728,8 +29731,8 @@ CVE-2018-7358
        RESERVED
 CVE-2018-7357
        RESERVED
-CVE-2018-7356
-       RESERVED
+CVE-2018-7356 (All versions up to V3.03.10.B23P2 of ZTE ZXR10 8905E product 
are ...)
+       TODO: check
 CVE-2018-7355 (All versions up to V1.0.0B05 of ZTE MF65 and all versions up to 
...)
        NOT-FOR-US: ZTE
 CVE-2018-7354
@@ -31237,14 +31240,14 @@ CVE-2018-6911 (The VBWinExec function in 
Node\AspVBObj.dll in Advantech WebAcces
        NOT-FOR-US: Advantech WebAccess
 CVE-2018-6910 (DedeCMS 5.7 allows remote attackers to discover the full path 
via a ...)
        NOT-FOR-US: DedeCMS
-CVE-2018-6909
-       RESERVED
-CVE-2018-6908
-       RESERVED
-CVE-2018-6907
-       RESERVED
-CVE-2018-6906
-       RESERVED
+CVE-2018-6909 (A missing X-Frame-Options header in the Green Electronics 
RainMachine ...)
+       TODO: check
+CVE-2018-6908 (An authentication bypass vulnerability exists in the Green 
Electronics ...)
+       TODO: check
+CVE-2018-6907 (A Cross Site Request Forgery (CSRF) vulnerability in the Green 
...)
+       TODO: check
+CVE-2018-6906 (A persistent Cross Site Scripting (XSS) vulnerability in the 
Green ...)
+       TODO: check
 CVE-2018-6905 (The page module in TYPO3 before 8.7.11, and 9.1.0, has XSS via 
...)
        - typo3-src <removed>
        [wheezy] - typo3-src <end-of-life>
@@ -34372,10 +34375,10 @@ CVE-2018-6014 (Subsonic v6.1.3 has an insecure 
allow-access-from domain=&quot;*&
        NOT-FOR-US: Subsonic
 CVE-2018-6013 (Cross-site scripting (XSS) in BigTree 4.2.19 allows any remote 
users to ...)
        NOT-FOR-US: BigTree CMS
-CVE-2018-6012
-       RESERVED
-CVE-2018-6011
-       RESERVED
+CVE-2018-6012 (The 'Weather Service' feature of the Green Electronics 
RainMachine ...)
+       TODO: check
+CVE-2018-6011 (The time-based one-time-password (TOTP) function in the 
application ...)
+       TODO: check
 CVE-2018-6010 (In Yii Framework 2.x before 2.0.14, remote attackers could 
obtain ...)
        NOT-FOR-US: Yii Framework
 CVE-2018-6009 (In Yii Framework 2.x before 2.0.14, the switchIdentity function 
in ...)
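Review bot: the truncated description for CVE-2018-6011 ("The time-based one-time-password (TOTP) function in the application ...") does not name a product in the visible text, so its `TODO: check` cannot be resolved from the list line alone. CVE-2018-6012 names the Green Electronics RainMachine; read the full CVE-2018-6011 description before giving it the same tag as CVE-2018-6012.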
@@ -39694,8 +39697,8 @@ CVE-2018-3979
        RESERVED
 CVE-2018-3978 (An exploitable out-of-bounds write vulnerability exists in the 
Word ...)
        NOT-FOR-US: Atlantis Word Processor
-CVE-2018-3977
-       RESERVED
+CVE-2018-3977 (An exploitable code execution vulnerability exists in the XCF 
image ...)
+       TODO: check
 CVE-2018-3976
        RESERVED
 CVE-2018-3975 (An exploitable uninitialized variable vulnerability exists in 
the ...)
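Review bot: CVE-2018-3977 should not inherit its neighbour's tag by proximity when the `TODO: check` is resolved. The context line above it is `NOT-FOR-US: Atlantis Word Processor`, but this description concerns code execution in XCF image handling, and the affected component is cut off at "XCF image ...". Image parsers are commonly shipped as packaged libraries, so identify the component from the full description first.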
@@ -39754,8 +39757,8 @@ CVE-2018-3949
        RESERVED
 CVE-2018-3948
        RESERVED
-CVE-2018-3947
-       RESERVED
+CVE-2018-3947 (An exploitable information disclosure vulnerability exists in 
the ...)
+       TODO: check
 CVE-2018-3946 (An exploitable use-after-free vulnerability exists in the 
JavaScript ...)
        NOT-FOR-US: Foxit Software's Foxit PDF Reader
 CVE-2018-3945 (An exploitable use-after-free vulnerability exists in the 
JavaScript ...)
@@ -39792,8 +39795,8 @@ CVE-2018-3930 (In Antenna House Office Server Document 
Converter version V6.1 Pr
        NOT-FOR-US: Microsoft
 CVE-2018-3929 (An exploitable heap corruption exists in the PowerPoint 
document ...)
        NOT-FOR-US: Microsoft
-CVE-2018-3928
-       RESERVED
+CVE-2018-3928 (An exploitable code execution vulnerability exists in the 
firmware ...)
+       TODO: check
 CVE-2018-3927 (An exploitable information disclosure vulnerability exists in 
the ...)
        NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
 CVE-2018-3926 (An exploitable integer underflow vulnerability exists in the 
ZigBee ...)
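Review bot: the context at the top of this hunk shows `NOT-FOR-US: Microsoft` directly under the hunk-header entry CVE-2018-3930, whose description names Antenna House Office Server Document Converter, so the vendor tags in this block are not a reliable guide. When resolving `TODO: check` for CVE-2018-3928 ("code execution vulnerability exists in the firmware ..."), take the product from the full description rather than from the adjacent Microsoft or Samsung SmartThings Hub tags, and consider checking the CVE-2018-3930 tag in a follow-up.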
@@ -39828,8 +39831,8 @@ CVE-2018-3912 (On Samsung SmartThings Hub STH-ETH-250 
devices with firmware vers
        NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
 CVE-2018-3911 (An exploitable HTTP header injection vulnerability exists in 
the ...)
        NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
-CVE-2018-3910
-       RESERVED
+CVE-2018-3910 (An exploitable code execution vulnerability exists in the cloud 
OTA ...)
+       TODO: check
 CVE-2018-3909 (An exploitable vulnerability exists in the REST parser of 
video-core's ...)
        NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
 CVE-2018-3908 (An exploitable vulnerability exists in the REST parser of 
video-core's ...)
@@ -39848,8 +39851,8 @@ CVE-2018-3902 (An exploitable buffer overflow 
vulnerability exists in the camera
        NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
 CVE-2018-3901
        RESERVED
-CVE-2018-3900
-       RESERVED
+CVE-2018-3900 (An exploitable code execution vulnerability exists in the QR 
code ...)
+       TODO: check
 CVE-2018-3899
        RESERVED
 CVE-2018-3898
@@ -126476,8 +126479,7 @@ CVE-2016-2125 (It was found that Samba before 
versions 4.5.3, 4.4.8, 4.3.13 alwa
        NOTE: Patch (with some more) here: 
https://download.samba.org/pub/samba/patches/security/samba-4.3.12-security-20016-12-19.patch
 CVE-2016-2124
        RESERVED
-CVE-2016-2123 [Samba NDR Parsing ndr_pull_dnsp_name Heap-based Buffer Overflow 
Remote Code Execution Vulnerability]
-       RESERVED
+CVE-2016-2123 (A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba 
routine ...)
        {DSA-3740-1}
        - samba 2:4.5.2+dfsg-2
        [wheezy] - samba <not-affected> (Affects only Samba 4.0.0 to 4.5.2)
@@ -126490,8 +126492,7 @@ CVE-2016-2121 (A permissions flaw was found in redis, 
which sets weak permission
        [wheezy] - redis <no-dsa> (minor issue, details see #842987)
        NOTE: Might be Red Hat-specific, needs investigation
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1374700
-CVE-2016-2120 [Crafted zone record can cause a denial of service]
-       RESERVED
+CVE-2016-2120 (An issue has been found in PowerDNS Authoritative Server 
versions up ...)
        {DSA-3764-1 DLA-798-1}
        - pdns 4.0.2-1
        NOTE: https://doc.powerdns.com/md/security/powerdns-advisory-2016-05/
@@ -262140,7 +262141,7 @@ CVE-2009-0691 (The Foxit JPEG2000/JBIG2 Decoder 
add-on before 2.0.2009.616 for F
 CVE-2009-0690 (The Foxit JPEG2000/JBIG2 Decoder add-on before 2.0.2009.616 for 
Foxit ...)
        NOT-FOR-US: Foxit JPEG2000/JBIG2 Decoder add-on
 CVE-2009-0689 (Array index error in the (1) dtoa implementation in dtoa.c (aka 
...)
-       {DSA-1998-1 DSA-1931-1 DLA-376-1}
+       {DSA-1998-1 DSA-1931-1 DLA-1564-1 DLA-376-1}
        - nspr 4.8-2
        [etch] - nspr <end-of-life> (Mozilla packages from oldstable no longer 
covered by security support)
        - kdelibs 4:3.5.10.dfsg.1-3 (medium; bug #559265)
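Review bot: the cross-reference line for CVE-2009-0689 gains DLA-1564-1, but the visible package lines under it (nspr, kdelibs) are unchanged. Confirm that the source package DLA-1564-1 covers has a package line with a fixed version under this CVE; if not, add it so the entry's package status matches the advisory reference.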



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/861d5db030297cb91a9e2dad9ed6827d40d512ea
