Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
86e2448a by security tracker role at 2018-11-16T20:10:23Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,31 @@
+CVE-2018-19319 (SRCMS 3.0.0 allows CSRF via 
admin.php?m=Admin&c=gifts&a=update to ...)
+       TODO: check
+CVE-2018-19318 (SRCMS 3.0.0 allows CSRF via 
admin.php?m=Admin&c=manager&a=update to ...)
+       TODO: check
+CVE-2018-19317
+       RESERVED
+CVE-2018-19316
+       RESERVED
+CVE-2018-19315
+       RESERVED
+CVE-2018-19314
+       RESERVED
+CVE-2018-19313
+       RESERVED
+CVE-2018-19312 (Centreon 3.4.x allows SQL Injection via the searchVM parameter 
to the ...)
+       TODO: check
+CVE-2018-19311 (Centreon 3.4.x allows XSS via the Service field to the 
main.php?p=20201 ...)
+       TODO: check
+CVE-2018-19310
+       RESERVED
+CVE-2018-19309
+       RESERVED
+CVE-2018-19308
+       RESERVED
+CVE-2018-19307
+       RESERVED
+CVE-2018-19306
+       RESERVED
 CVE-2018-19305
        RESERVED
 CVE-2018-19304
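Review bot: the two SRCMS and two Centreon entries are left at "TODO: check" with descriptions cut at "..." before the affected parameter or page is named (the Centreon XSS line stops at "main.php?p=20201 ..."), so triage needs the full MITRE text before choosing between NOT-FOR-US and a package line; the ten RESERVED ids interleaved with them need no action. Consider resolving the TODOs in a follow-up commit rather than leaving them in the automatic update.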
@@ -16,8 +44,8 @@ CVE-2018-19298
        RESERVED
 CVE-2018-19297
        RESERVED
-CVE-2018-19296
-       RESERVED
+CVE-2018-19296 (PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to 
an object ...)
+       TODO: check
 CVE-2018-19295
        RESERVED
 CVE-2018-19294
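Review bot: CVE-2018-19296 should not stay at "TODO: check": PHPMailer is shipped in Debian (source package libphp-phpmailer, to my knowledge), so this entry needs a package line checked against the fixed versions 5.2.27 and 6.0.6 rather than a NOT-FOR-US marker. The truncated description ("vulnerable to an object ...") also hides the issue class, so add a NOTE line pointing at the upstream advisory once it is triaged.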
@@ -1461,34 +1489,34 @@ CVE-2018-19131 (Squid before 4.4 has XSS via a crafted 
X.509 certificate during
        - squid3 <removed> (unimportant)
        NOTE: http://www.squid-cache.org/Advisories/SQUID-2018_4.txt
        NOTE: Squid in Debian builds without TLS support
-CVE-2018-18806
-       RESERVED
-CVE-2018-18805
-       RESERVED
-CVE-2018-18804
-       RESERVED
-CVE-2018-18803
-       RESERVED
+CVE-2018-18806 (School Equipment Monitoring System 1.0 allows SQL injection 
via the ...)
+       TODO: check
+CVE-2018-18805 (PointOfSales 1.0 allows SQL injection via the login screen, 
related to ...)
+       TODO: check
+CVE-2018-18804 (Bakeshop Inventory System 1.0 has SQL injection via the login 
screen, ...)
+       TODO: check
+CVE-2018-18803 (Curriculum Evaluation System 1.0 allows SQL Injection via the 
login ...)
+       TODO: check
 CVE-2018-18802
        RESERVED
-CVE-2018-18801
-       RESERVED
+CVE-2018-18801 (The BSEN Ordering software 1.0 has SQL Injection via ...)
+       TODO: check
 CVE-2018-18800
        RESERVED
-CVE-2018-18799
-       RESERVED
+CVE-2018-18799 (School Attendance Monitoring System 1.0 has CSRF via ...)
+       TODO: check
 CVE-2018-18798
        RESERVED
-CVE-2018-18797
-       RESERVED
-CVE-2018-18796
-       RESERVED
-CVE-2018-18795
-       RESERVED
-CVE-2018-18794
-       RESERVED
-CVE-2018-18793
-       RESERVED
+CVE-2018-18797 (School Attendance Monitoring System 1.0 has CSRF via ...)
+       TODO: check
+CVE-2018-18796 (Library Management System 1.0 has SQL Injection via the 
&quot;Search for ...)
+       TODO: check
+CVE-2018-18795 (School Event Management System 1.0 has SQL Injection via the 
...)
+       TODO: check
+CVE-2018-18794 (School Event Management System 1.0 allows CSRF via ...)
+       TODO: check
+CVE-2018-18793 (School Event Management System 1.0 allows Arbitrary File 
Upload via ...)
+       TODO: check
 CVE-2018-18792 (An issue was discovered in zzcms 8.3. SQL Injection exists in 
...)
        NOT-FOR-US: zzcms
 CVE-2018-18791 (An issue was discovered in zzcms 8.3. SQL Injection exists in 
...)
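Review bot: the description for CVE-2018-18796 shows "&quot;Search for ..." where the upstream text has a plain double quote; the unchanged context line for CVE-2018-16397 further down shows the same "&quot;" escaping, which points to the mail rendering rather than the file, but it is worth confirming the stored line is unescaped since the tracker keeps descriptions as plain text. The eleven new entries here (CVE-2018-18793 through CVE-2018-18806, minus the ones still RESERVED) are all small PHP school, inventory and ordering applications of the same kind as the adjacent zzcms entries, which are marked NOT-FOR-US; unless one of them turns out to be packaged, the TODOs should resolve the same way.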
@@ -1554,24 +1582,24 @@ CVE-2018-18764 (An exploitable arbitrary memory read 
vulnerability exists in the
        [stretch] - smplayer <not-affected> (Vulnerable code not present)
        [jessie] - smplayer <not-affected> (Vulnerable code not present)
        NOTE: 18.5.0~ds1-1 isn't fixed on the source level, but no longer 
builds the Chromecast support
-CVE-2018-18763
-       RESERVED
+CVE-2018-18763 (SaltOS 3.1 r8126 allows ...)
+       TODO: check
 CVE-2018-18762
        RESERVED
-CVE-2018-18761
-       RESERVED
-CVE-2018-18760
-       RESERVED
-CVE-2018-18759
-       RESERVED
+CVE-2018-18761 (SaltOS 3.1 r8126 allows 
action=login&amp;querystring=&amp;user=[SQL] SQL ...)
+       TODO: check
+CVE-2018-18760 (RhinOS 3.0 build 1190 allows CSRF. ...)
+       TODO: check
+CVE-2018-18759 (Modbus Slave 7.0.0 in modbus tools has a Buffer Overflow. ...)
+       TODO: check
 CVE-2018-18758
        RESERVED
 CVE-2018-18757
        RESERVED
-CVE-2018-18756
-       RESERVED
-CVE-2018-18755
-       RESERVED
+CVE-2018-18756 (Local Server 1.0.9 has a Buffer Overflow via crafted data on 
Port ...)
+       TODO: check
+CVE-2018-18755 (K-iwi Framework 1775 has SQL Injection via the 
admin/user/group/update ...)
+       TODO: check
 CVE-2018-18754 (ZyXEL VMG3312-B10B 1.00(AAPP.7) devices have a backdoor root 
account ...)
        NOT-FOR-US: ZyXEL
 CVE-2018-18753 (Typecho V1.1 allows remote attackers to send shell commands 
via ...)
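Review bot: CVE-2018-18761's description carries "&amp;" inside the query string "action=login&amp;querystring=&amp;user=[SQL]"; as with the "&quot;" entries elsewhere in this diff this looks like HTML escaping added by the notification, but the stored line should read "&" and that is worth a quick check. The SaltOS, RhinOS, Modbus Slave, Local Server and K-iwi Framework entries look like NOT-FOR-US candidates in line with the ZyXEL entry that follows them; if any is found in the archive it needs a package line instead of the TODO.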
@@ -7474,16 +7502,14 @@ CVE-2018-16398 (In Twistlock AuthZ Broker 0.1, regular 
expressions are mishandle
        NOT-FOR-US: Twistlock AuthZ Broker
 CVE-2018-16397 (In LimeSurvey before 3.14.7, an admin user can leverage a 
&quot;file upload&quot; ...)
        - limesurvey <itp> (bug #472802)
-CVE-2018-16396 [Tainted flags are not propagated in Array#pack and 
String#unpack with some directives]
-       RESERVED
+CVE-2018-16396 (An issue was discovered in Ruby before 2.3.8, 2.4.x before 
2.4.5, ...)
        {DSA-4332-1 DLA-1558-1}
        - ruby2.5 <unfixed> (bug #911920)
        - ruby2.3 <removed>
        - ruby2.1 <removed>
        NOTE: 
https://www.ruby-lang.org/en/news/2018/10/17/not-propagated-taint-flag-in-some-formats-of-pack-cve-2018-16396/
        NOTE: 
https://github.com/ruby/ruby/commit/a2958f6743664006d21fc0bafd4ca6214df1d429
-CVE-2018-16395 [OpenSSL::X509::Name equality check does not work correctly]
-       RESERVED
+CVE-2018-16395 (An issue was discovered in the OpenSSL library in Ruby before 
2.3.8, ...)
        {DSA-4332-1 DLA-1558-1}
        - ruby-openssl <unfixed> (bug #911918)
        - ruby2.5 <unfixed> (bug #911919)
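Review bot: replacing the bracketed placeholder titles for CVE-2018-16396 and CVE-2018-16395 with the official text correctly drops the RESERVED markers, but the official summaries are truncated at "..." and only say "An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5", so the bracket text ("Tainted flags are not propagated in Array#pack and String#unpack with some directives", "OpenSSL::X509::Name equality check does not work correctly") was the more informative line. The NOTE URLs shown for 16396 preserve that detail; make sure the 16395 entry keeps an equivalent upstream reference. The DSA-4332-1/DLA-1558-1 references and the ruby2.5 <unfixed> lines with bugs #911920 and #911919 are untouched, which is right for an automatic import.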
@@ -9242,10 +9268,10 @@ CVE-2018-15695 (ASUSTOR Data Master 3.1.5 and below 
allows authenticated remote
        NOT-FOR-US: ASUSTOR Data Master
 CVE-2018-15694 (ASUSTOR Data Master 3.1.5 and below allows authenticated 
remote ...)
        NOT-FOR-US: ASUSTOR Data Master
-CVE-2018-15693
-       RESERVED
-CVE-2018-15692
-       RESERVED
+CVE-2018-15693 (Inova Partner 5.0.5-RELEASE, Build 0510-0906 and earlier 
allows ...)
+       TODO: check
+CVE-2018-15692 (Inova Partner 5.0.5-RELEASE, Build 0510-0906 and earlier 
allows ...)
+       TODO: check
 CVE-2018-15691 (Insecure deserialization of a specially crafted serialized 
object, in ...)
        NOT-FOR-US: CA Release Automation
 CVE-2018-15690
@@ -11187,7 +11213,7 @@ CVE-2018-14849 (Tiki before 18.2, 15.7 and 12.14 has 
XSS via link attributes, re
        NOTE: https://sourceforge.net/p/tikiwiki/code/66809
 CVE-2018-14848
        RESERVED
-CVE-2018-14847 (Winbox for MikroTik RouterOS through 6.42 allows remote 
attackers to ...)
+CVE-2018-14847 (MikroTik RouterOS through 6.42 allows unauthenticated remote 
attackers ...)
        NOT-FOR-US: Winbox for MikroTik RouterOS
 CVE-2018-14846
        RESERVED
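Review bot: the updated description for CVE-2018-14847 now reads "MikroTik RouterOS through 6.42 allows unauthenticated remote attackers ..." and no longer mentions Winbox, but the unchanged annotation below it still says "NOT-FOR-US: Winbox for MikroTik RouterOS"; update it to "NOT-FOR-US: MikroTik RouterOS" so the marker matches the description. The automatic import only rewrites the description line, so this needs a manual follow-up.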
@@ -26446,10 +26472,10 @@ CVE-2018-9088
        RESERVED
 CVE-2018-9087
        RESERVED
-CVE-2018-9086
-       RESERVED
-CVE-2018-9085
-       RESERVED
+CVE-2018-9086 (In some Lenovo ThinkServer-branded servers, a command injection 
...)
+       TODO: check
+CVE-2018-9085 (A write protection lock bit was left unset after boot on an 
older ...)
+       TODO: check
 CVE-2018-9084
        RESERVED
 CVE-2018-9083
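Review bot: CVE-2018-9085 describes a write-protection lock bit left unset after boot, i.e. a firmware issue on Lenovo hardware, and CVE-2018-9086 a command injection in ThinkServer-branded servers; both fit the "NOT-FOR-US: Lenovo" marker already used for the Iomega/Lenovo NAS entries a few lines below, so the two TODOs can be resolved that way rather than left open.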
@@ -26472,12 +26498,12 @@ CVE-2018-9075 (For some Iomega, Lenovo, LenovoEMC NAS 
devices versions 4.1.402.3
        NOT-FOR-US: Lenovo
 CVE-2018-9074 (For some Iomega, Lenovo, LenovoEMC NAS devices versions 
4.1.402.34662 ...)
        NOT-FOR-US: Lenovo
-CVE-2018-9073
-       RESERVED
+CVE-2018-9073 (Lenovo Chassis Management Module (CMM) prior to version 2.0.0 
utilizes ...)
+       TODO: check
 CVE-2018-9072
        RESERVED
-CVE-2018-9071
-       RESERVED
+CVE-2018-9071 (Lenovo Chassis Management Module (CMM) prior to version 2.0.0 
allows ...)
+       TODO: check
 CVE-2018-9070 (For the Lenovo Smart Assistant Android app versions earlier 
than ...)
        NOT-FOR-US: Lenovo
 CVE-2018-9069 (In some Lenovo IdeaPad consumer notebook models, a race 
condition in ...)
@@ -31131,16 +31157,16 @@ CVE-2018-7365
        RESERVED
 CVE-2018-7364
        RESERVED
-CVE-2018-7363
-       RESERVED
-CVE-2018-7362
-       RESERVED
-CVE-2018-7361
-       RESERVED
-CVE-2018-7360
-       RESERVED
-CVE-2018-7359
-       RESERVED
+CVE-2018-7363 (All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are 
impacted ...)
+       TODO: check
+CVE-2018-7362 (All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are 
impacted ...)
+       TODO: check
+CVE-2018-7361 (All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are 
impacted ...)
+       TODO: check
+CVE-2018-7360 (All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are 
impacted ...)
+       TODO: check
+CVE-2018-7359 (All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are 
impacted ...)
+       TODO: check
 CVE-2018-7358 (ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, 
V2.2.0_PK1.2T2, ...)
        NOT-FOR-US: ZTE ZXHN H168N product
 CVE-2018-7357 (ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, 
V2.2.0_PK1.2T2, ...)
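Review bot: the five ZXHN F670 entries (CVE-2018-7359 through CVE-2018-7363) have identical truncated descriptions, "All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted ...", so the file as committed cannot tell the five issues apart; the full MITRE text is needed for that. The neighbouring ZXHN H168N entries use "NOT-FOR-US: ZTE ZXHN H168N product", and the same marker with the F670 name is the natural resolution for these TODOs.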
@@ -47374,8 +47400,8 @@ CVE-2018-1799 (IBM DB2 for Linux, UNIX and Windows 
(includes DB2 Connect Server)
        NOT-FOR-US: IBM
 CVE-2018-1798 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is 
vulnerable ...)
        NOT-FOR-US: IBM WebSphere Application Server
-CVE-2018-1797
-       RESERVED
+CVE-2018-1797 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using 
...)
+       TODO: check
 CVE-2018-1796
        RESERVED
 CVE-2018-1795 (IBM Robotic Process Automation with Automation Anywhere 
Enterprise 10 ...)
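Review bot: CVE-2018-1797 names the same IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 versions as the CVE-2018-1798 entry directly above it, which is already "NOT-FOR-US: IBM WebSphere Application Server"; the TODO should resolve to the same marker.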
@@ -47690,8 +47716,8 @@ CVE-2018-1641
        RESERVED
 CVE-2018-1640
        RESERVED
-CVE-2018-1639
-       RESERVED
+CVE-2018-1639 (The Report Builder of Jazz Reporting Service 5.0 through 5.0.2 
and 6.0 ...)
+       TODO: check
 CVE-2018-1638 (IBM API Connect 5.0.0.0-5.0.8.3 Developer Portal does not 
enforce Two ...)
        NOT-FOR-US: IBM
 CVE-2018-1637
@@ -339323,7 +339349,7 @@ CVE-2001-0595 (Buffer overflow in the 
kcsSUNWIOsolf.so library in Solaris 7 and
        NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-2001-0594 (kcms_configure as included with Solaris 7 and 8 allows a local 
...)
        NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2001-0593 (Ananconda Partners Clipper 3.3 and earlier allows a remote 
attacker to ...)
+CVE-2001-0593 (Anaconda Partners Clipper 3.3 and earlier allows a remote 
attacker to ...)
        NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-2001-0591 (Directory traversal vulnerability in Oracle JSP 1.0.x through 
1.1.1 ...)
        NOT-FOR-US: Data pre-dating the Security Tracker



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/86e2448a6a74ff96a7d262d844584ccef90e1e41

-- 
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
