Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cdf24bdb by security tracker role at 2018-11-13T20:10:20Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,245 @@
+CVE-2019-0185
+       RESERVED
+CVE-2019-0184
+       RESERVED
+CVE-2019-0183
+       RESERVED
+CVE-2019-0182
+       RESERVED
+CVE-2019-0181
+       RESERVED
+CVE-2019-0180
+       RESERVED
+CVE-2019-0179
+       RESERVED
+CVE-2019-0178
+       RESERVED
+CVE-2019-0177
+       RESERVED
+CVE-2019-0176
+       RESERVED
+CVE-2019-0175
+       RESERVED
+CVE-2019-0174
+       RESERVED
+CVE-2019-0173
+       RESERVED
+CVE-2019-0172
+       RESERVED
+CVE-2019-0171
+       RESERVED
+CVE-2019-0170
+       RESERVED
+CVE-2019-0169
+       RESERVED
+CVE-2019-0168
+       RESERVED
+CVE-2019-0167
+       RESERVED
+CVE-2019-0166
+       RESERVED
+CVE-2019-0165
+       RESERVED
+CVE-2019-0164
+       RESERVED
+CVE-2019-0163
+       RESERVED
+CVE-2019-0162
+       RESERVED
+CVE-2019-0161
+       RESERVED
+CVE-2019-0160
+       RESERVED
+CVE-2019-0159
+       RESERVED
+CVE-2019-0158
+       RESERVED
+CVE-2019-0157
+       RESERVED
+CVE-2019-0156
+       RESERVED
+CVE-2019-0155
+       RESERVED
+CVE-2019-0154
+       RESERVED
+CVE-2019-0153
+       RESERVED
+CVE-2019-0152
+       RESERVED
+CVE-2019-0151
+       RESERVED
+CVE-2019-0150
+       RESERVED
+CVE-2019-0149
+       RESERVED
+CVE-2019-0148
+       RESERVED
+CVE-2019-0147
+       RESERVED
+CVE-2019-0146
+       RESERVED
+CVE-2019-0145
+       RESERVED
+CVE-2019-0144
+       RESERVED
+CVE-2019-0143
+       RESERVED
+CVE-2019-0142
+       RESERVED
+CVE-2019-0141
+       RESERVED
+CVE-2019-0140
+       RESERVED
+CVE-2019-0139
+       RESERVED
+CVE-2019-0138
+       RESERVED
+CVE-2019-0137
+       RESERVED
+CVE-2019-0136
+       RESERVED
+CVE-2019-0135
+       RESERVED
+CVE-2019-0134
+       RESERVED
+CVE-2019-0133
+       RESERVED
+CVE-2019-0132
+       RESERVED
+CVE-2019-0131
+       RESERVED
+CVE-2019-0130
+       RESERVED
+CVE-2019-0129
+       RESERVED
+CVE-2019-0128
+       RESERVED
+CVE-2019-0127
+       RESERVED
+CVE-2019-0126
+       RESERVED
+CVE-2019-0125
+       RESERVED
+CVE-2019-0124
+       RESERVED
+CVE-2019-0123
+       RESERVED
+CVE-2019-0122
+       RESERVED
+CVE-2019-0121
+       RESERVED
+CVE-2019-0120
+       RESERVED
+CVE-2019-0119
+       RESERVED
+CVE-2019-0118
+       RESERVED
+CVE-2019-0117
+       RESERVED
+CVE-2019-0116
+       RESERVED
+CVE-2019-0115
+       RESERVED
+CVE-2019-0114
+       RESERVED
+CVE-2019-0113
+       RESERVED
+CVE-2019-0112
+       RESERVED
+CVE-2019-0111
+       RESERVED
+CVE-2019-0110
+       RESERVED
+CVE-2019-0109
+       RESERVED
+CVE-2019-0108
+       RESERVED
+CVE-2019-0107
+       RESERVED
+CVE-2019-0106
+       RESERVED
+CVE-2019-0105
+       RESERVED
+CVE-2019-0104
+       RESERVED
+CVE-2019-0103
+       RESERVED
+CVE-2019-0102
+       RESERVED
+CVE-2019-0101
+       RESERVED
+CVE-2019-0100
+       RESERVED
+CVE-2019-0099
+       RESERVED
+CVE-2019-0098
+       RESERVED
+CVE-2019-0097
+       RESERVED
+CVE-2019-0096
+       RESERVED
+CVE-2019-0095
+       RESERVED
+CVE-2019-0094
+       RESERVED
+CVE-2019-0093
+       RESERVED
+CVE-2019-0092
+       RESERVED
+CVE-2019-0091
+       RESERVED
+CVE-2019-0090
+       RESERVED
+CVE-2019-0089
+       RESERVED
+CVE-2019-0088
+       RESERVED
+CVE-2019-0087
+       RESERVED
+CVE-2019-0086
+       RESERVED
+CVE-2018-19269
+       RESERVED
+CVE-2018-19268
+       RESERVED
+CVE-2018-19267
+       RESERVED
+CVE-2018-19266
+       RESERVED
+CVE-2018-19265
+       RESERVED
+CVE-2018-19264
+       RESERVED
+CVE-2018-19263
+       RESERVED
+CVE-2018-19262
+       RESERVED
+CVE-2018-19261
+       RESERVED
+CVE-2018-19260
+       RESERVED
+CVE-2018-19259
+       RESERVED
+CVE-2018-19258
+       RESERVED
+CVE-2018-19257
+       RESERVED
+CVE-2018-19256
+       RESERVED
+CVE-2018-19255
+       RESERVED
+CVE-2018-19254
+       RESERVED
+CVE-2018-19253
+       RESERVED
+CVE-2018-19252
+       RESERVED
+CVE-2018-19251
+       RESERVED
+CVE-2018-19250
+       RESERVED
+CVE-2018-19249
+       RESERVED
 CVE-2018-19248
        RESERVED
 CVE-2018-19247
@@ -1535,8 +1777,8 @@ CVE-2018-18593
        RESERVED
 CVE-2018-18592
        RESERVED
-CVE-2018-18591
-       RESERVED
+CVE-2018-18591 (A potential unauthorized disclosure of data vulnerability has 
been ...)
+       TODO: check
 CVE-2018-18590 (A potential remote code execution and information disclosure 
...)
        NOT-FOR-US: Micro Focus
 CVE-2018-18589 (A potential Remote Arbitrary Code Execution vulnerability has 
been ...)
@@ -5020,8 +5262,8 @@ CVE-2018-17189
        RESERVED
 CVE-2018-17188
        RESERVED
-CVE-2018-17187
-       RESERVED
+CVE-2018-17187 (The Apache Qpid Proton-J transport includes an optional 
wrapper layer ...)
+       TODO: check
 CVE-2018-17186 (An administrator with workflow definition entitlements can use 
DTD to ...)
        NOT-FOR-US: Apache Syncope
 CVE-2018-17185
@@ -5789,8 +6031,7 @@ CVE-2018-16852
        RESERVED
 CVE-2018-16851
        RESERVED
-CVE-2018-16850 [SQL injection in pg_upgrade and pg_dump, via CREATE TRIGGER 
... REFERENCING]
-       RESERVED
+CVE-2018-16850 (postgresql before versions 11.1, 10.6 is vulnerable to a to 
SQL ...)
        - postgresql-11 11.1-1
        - postgresql-10 <unfixed>
        - postgresql-9.6 <not-affected> (Only affects 11.x and 10.x)
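Review bot: in the CVE-2018-16850 entry the context line "- postgresql-10 <unfixed>" should be revisited now that the imported description names 10.6 as a fixed version; record the fixed postgresql-10 version as soon as a 10.6 upload exists. The removed bracketed description carried detail (pg_upgrade and pg_dump, via CREATE TRIGGER ... REFERENCING) that the truncated replacement no longer shows, so consider keeping it as a NOTE line. The "a to SQL" wording in the new description looks like a typo carried over with the imported text.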
@@ -8565,8 +8806,8 @@ CVE-2018-15797
        RESERVED
 CVE-2018-15796 (Cloud Foundry Bits Service Release, versions prior to 2.14.0, 
uses an ...)
        NOT-FOR-US: Cloud Foundry
-CVE-2018-15795
-       RESERVED
+CVE-2018-15795 (Pivotal CredHub Service Broker, versions prior to 1.1.0, uses 
a ...)
+       TODO: check
 CVE-2018-15794
        RESERVED
 CVE-2018-15793
@@ -8611,10 +8852,10 @@ CVE-2018-15774
        RESERVED
 CVE-2018-15773
        RESERVED
-CVE-2018-15772
-       RESERVED
-CVE-2018-15771
-       RESERVED
+CVE-2018-15772 (Dell EMC RecoverPoint versions prior to 5.1.2.1 and 
RecoverPoint for ...)
+       TODO: check
+CVE-2018-15771 (Dell EMC RecoverPoint versions prior to 5.1.2.1 and 
RecoverPoint for ...)
+       TODO: check
 CVE-2018-15770
        RESERVED
 CVE-2018-15769
@@ -9423,8 +9664,8 @@ CVE-2018-15454 (A vulnerability in the Session Initiation 
Protocol (SIP) inspect
        NOT-FOR-US: Cisco
 CVE-2018-15453
        RESERVED
-CVE-2018-15452
-       RESERVED
+CVE-2018-15452 (A vulnerability in the DLL loading component of Cisco Advanced 
Malware ...)
+       TODO: check
 CVE-2018-15451 (A vulnerability in the web-based management interface of Cisco 
Prime ...)
        NOT-FOR-US: Cisco
 CVE-2018-15450 (A vulnerability in the web-based UI of Cisco Prime 
Collaboration ...)
@@ -11245,17 +11486,17 @@ CVE-2018-14659 (The Gluster file system through 
versions 4.1.4 and 3.1.2 is vuln
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1635929
        NOTE: https://review.gluster.org/#/c/glusterfs/+/21530/
        NOTE: 
http://git.gluster.org/cgit/glusterfs.git/commit/?id=be1e1785e2e4f3d6345ea5b5b684a1429784a01c
-CVE-2018-14658
-       RESERVED
-CVE-2018-14657
-       RESERVED
+CVE-2018-14658 (A flaw was found in JBOSS Keycloak 3.2.1.Final. The Redirect 
URL for ...)
+       TODO: check
+CVE-2018-14657 (A flaw was found in Keycloak 4.2.1.Final, 4.3.0.Final. When 
TOPT ...)
+       TODO: check
 CVE-2018-14656 (A missing address check in the callers of the show_opcodes() 
in the ...)
        - linux 4.18.6-1
        [stretch] - linux <not-affected> (Vulnerable code not present)
        [jessie] - linux <not-affected> (Vulnerable code not present)
        NOTE: Fixed by: 
https://git.kernel.org/linus/342db04ae71273322f0011384a9ed414df8bdae4
-CVE-2018-14655
-       RESERVED
+CVE-2018-14655 (A flaw was found in Keycloak 3.4.3.Final, 4.0.0.Beta2, 
4.3.0.Final. ...)
+       TODO: check
 CVE-2018-14654 (The Gluster file system through version 4.1.4 is vulnerable to 
abuse ...)
        - glusterfs <unfixed> (bug #912997)
        [jessie] - glusterfs <not-affected> (vulnerable code not present)
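Review bot: the three Keycloak entries added here (CVE-2018-14658, CVE-2018-14657, CVE-2018-14655) all land as "TODO: check" with truncated descriptions, so the affected component cannot be judged from this hunk. Triage them together against the full descriptions and replace each TODO with either a package line or a NOT-FOR-US line. "TOPT" in the CVE-2018-14657 description is presumably TOTP; since the description is imported, it is better corrected at the source than in this file.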
@@ -17078,8 +17319,8 @@ CVE-2018-12418 (Archive.java in Junrar before 1.0.1, as 
used in Apache Tika and
        NOT-FOR-US: Junrar
 CVE-2018-12417
        RESERVED
-CVE-2018-12416
-       RESERVED
+CVE-2018-12416 (The GridServer Broker and GridServer Director components of 
TIBCO ...)
+       TODO: check
 CVE-2018-12415 (The Central Administration server (emsca) component of TIBCO 
Software ...)
        NOT-FOR-US: TIBCO
 CVE-2018-12414 (The Rendezvous Routing Daemon (rvrd), Rendezvous Secure 
Routing Daemon ...)
@@ -18785,10 +19026,12 @@ CVE-2018-11783
 CVE-2018-11782
        RESERVED
 CVE-2018-11781 (Apache SpamAssassin 3.4.2 fixes a local user code injection in 
the ...)
+       {DLA-1578-1}
        - spamassassin 3.4.2-1 (bug #908971)
        [stretch] - spamassassin 3.4.2-1~deb9u1
        NOTE: https://www.openwall.com/lists/oss-security/2018/09/16/1
 CVE-2018-11780 (A potential Remote Code Execution bug exists with the PDFInfo 
plugin ...)
+       {DLA-1578-1}
        - spamassassin 3.4.2-1 (bug #908970)
        [stretch] - spamassassin 3.4.2-1~deb9u1
        NOTE: https://www.openwall.com/lists/oss-security/2018/09/16/1
@@ -28891,10 +29134,10 @@ CVE-2018-7928 (There is a security vulnerability 
which could lead to Factory Res
        NOT-FOR-US: Huawei
 CVE-2018-7927
        RESERVED
-CVE-2018-7926
-       RESERVED
-CVE-2018-7925
-       RESERVED
+CVE-2018-7926 (Huawei Watch 2 with versions and earlier than 
OWDD.180707.001.E1 have ...)
+       TODO: check
+CVE-2018-7925 (The radio module of some Huawei smartphones Emily-AL00A The 
versions ...)
+       TODO: check
 CVE-2018-7924 (Anne-AL00 Huawei phones with versions earlier than 
8.0.0.151(C00) have ...)
        NOT-FOR-US: Huawei
 CVE-2018-7923 (Huawei ALP-L09 smart phones with versions earlier than ALP-L09 
...)
@@ -28923,8 +29166,8 @@ CVE-2018-7912
        RESERVED
 CVE-2018-7911 (Some Huawei smart phones ALP-AL00B 8.0.0.106(C00), 
8.0.0.113(SP2C00), ...)
        NOT-FOR-US: Huawei
-CVE-2018-7910
-       RESERVED
+CVE-2018-7910 (Some Huawei smartphones ALP-AL00B 8.0.0.118D(C00), ALP-TL00B 
...)
+       TODO: check
 CVE-2018-7909
        RESERVED
 CVE-2018-7908
@@ -34219,8 +34462,8 @@ CVE-2018-6262 (NVIDIA GeForce Experience prior to 3.15 
contains a vulnerability
        NOT-FOR-US: NVIDIA GeForce Experience
 CVE-2018-6261 (NVIDIA GeForce Experience prior to 3.15 contains a 
vulnerability when ...)
        NOT-FOR-US: NVIDIA GeForce Experience
-CVE-2018-6260
-       RESERVED
+CVE-2018-6260 (NVIDIA graphics driver contains a vulnerability that may allow 
access ...)
+       TODO: check
 CVE-2018-6259 (NVIDIA GeForce Experience all versions prior to 3.14.1 contains 
a ...)
        NOT-FOR-US: NVIDIA GeForce Experience
 CVE-2018-6258 (NVIDIA GeForce Experience all versions prior to 3.14.1 contains 
a ...)
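Review bot: CVE-2018-6260 should not inherit the triage of its neighbours. The surrounding entries are "NOT-FOR-US: NVIDIA GeForce Experience", but the new description names the NVIDIA graphics driver, which is a different product. Resolve the "TODO: check" by checking the full description against any packaged NVIDIA driver source rather than copying the NOT-FOR-US line.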
@@ -46912,8 +47155,8 @@ CVE-2018-1810
        RESERVED
 CVE-2018-1809
        RESERVED
-CVE-2018-1808
-       RESERVED
+CVE-2018-1808 (IBM WebSphere Commerce 9.0.0.0 through 9.0.0.6 could allow some 
...)
+       TODO: check
 CVE-2018-1807
        RESERVED
 CVE-2018-1806
@@ -46944,8 +47187,8 @@ CVE-2018-1794 (IBM WebSphere Application Server 7.0, 
8.0, 8.5, and 9.0 using OAu
        NOT-FOR-US: IBM WebSphere Application Server
 CVE-2018-1793 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using 
SAML ear ...)
        NOT-FOR-US: IBM WebSphere Application Server
-CVE-2018-1792
-       RESERVED
+CVE-2018-1792 (IBM WebSphere MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 
9.0.0.5, ...)
+       TODO: check
 CVE-2018-1791 (IBM Connections 5.0, 5.5, and 6.0 is vulnerable to an External 
Service ...)
        NOT-FOR-US: IBM
 CVE-2018-1790
@@ -48687,7 +48930,7 @@ CVE-2018-1294 (If a user of Commons-Email (typically an 
application programmer)
        NOTE: 
https://marc.info/?i=CAF8HOZ+J3NkaywfbHuQpHxK9ZXeT4=4vs9rowcdiudnt1qa...@mail.gmail.com
        NOTE: Fixed by: 
https://svn.apache.org/viewvc?view=revision&amp;revision=1777030
 CVE-2018-1293
-       RESERVED
+       REJECTED
 CVE-2018-1292 (Within the 'getReportType' method in Apache Fineract 1.0.0, ...)
        NOT-FOR-US: Apache Fineract
 CVE-2018-1291 (Apache Fineract 1.0.0, 0.6.0-incubating, 0.5.0-incubating, ...)
@@ -56987,6 +57230,7 @@ CVE-2017-15706 (As part of the fix for bug 61201, the 
documentation for Apache T
        NOTE: Introduced by fix for 
https://bz.apache.org/bugzilla/show_bug.cgi?id=61201
        NOTE: 
https://lists.apache.org/thread.html/e1ef853fc0079cdb55befbd2dac042934e49288b476d5f6a649e5da2@%3Cannounce.tomcat.apache.org%3E
 CVE-2017-15705 (A denial of service vulnerability was identified that exists 
in Apache ...)
+       {DLA-1578-1}
        - spamassassin 3.4.2-1 (bug #908969)
        [stretch] - spamassassin 3.4.2-1~deb9u1
        NOTE: https://www.openwall.com/lists/oss-security/2018/09/16/1
@@ -130993,7 +131237,7 @@ CVE-2016-1239 [loads arbitrary code from the current 
untrusted directory]
        [jessie] - duck 0.7+deb8u1
        NOTE: 
https://anonscm.debian.org/cgit/collab-maint/duck.git/commit/?id=b43b5bbf07973c54b8f1c581a941f4facc97177a
 (0.10)
 CVE-2016-1238 ((1) cpan/Archive-Tar/bin/ptar, (2) 
cpan/Archive-Tar/bin/ptardiff, (3) ...)
-       {DSA-3628-1 DLA-584-1 DLA-565-1}
+       {DSA-3628-1 DLA-1578-1 DLA-584-1 DLA-565-1}
        - perl 5.22.2-3
        - libsys-syslog-perl <removed>
        [jessie] - libsys-syslog-perl 0.33-1+deb8u1
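Review bot: DLA-1578-1 is added to CVE-2016-1238, but the package lines visible in this hunk are perl and libsys-syslog-perl, whereas the other entries that gain DLA-1578-1 in this commit (CVE-2018-11781, CVE-2018-11780, CVE-2017-15705) all list spamassassin. Confirm that the CVE-2016-1238 entry has a spamassassin line below the visible context so that the cross-reference resolves to a package.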



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/cdf24bdbf581c3dbe6795df8c66084efb8d8f887
