Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
498809d5 by security tracker role at 2018-11-20T20:10:18Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2018-19385
+       RESERVED
+CVE-2018-19384
+       RESERVED
+CVE-2018-19383
+       RESERVED
+CVE-2018-19382
+       RESERVED
+CVE-2018-19381
+       RESERVED
+CVE-2018-19380
+       RESERVED
+CVE-2018-19379
+       RESERVED
+CVE-2018-19378
+       RESERVED
+CVE-2018-19377
+       RESERVED
+CVE-2018-19376
+       RESERVED
+CVE-2018-19375
+       RESERVED
+CVE-2018-19374
+       RESERVED
+CVE-2018-19373
+       RESERVED
+CVE-2018-19372
+       RESERVED
+CVE-2018-19371
+       RESERVED
+CVE-2018-19370
+       RESERVED
+CVE-2018-19369
+       RESERVED
+CVE-2018-19368
+       RESERVED
+CVE-2018-19367 (Portainer through 1.19.2 provides an API endpoint ...)
+       TODO: check
 CVE-2018-XXXX [XSA-280: Fix for XSA-240 conflicts with shadow paging]
        - xen <unfixed>
        NOTE: https://xenbits.xen.org/xsa/advisory-280.txt
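Review bot: the new CVE-2018-19367 (Portainer) entry at the end of the added block lands with only `TODO: check`, so it needs a manual triage follow-up that replaces the marker with either a package status line or `NOT-FOR-US: Portainer`, matching how resolved entries elsewhere in the list are written. The 18 RESERVED identifiers above it need no action until descriptions are published.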
@@ -95,10 +133,10 @@ CVE-2018-19337
        RESERVED
 CVE-2018-19336
        RESERVED
-CVE-2018-19335
-       RESERVED
-CVE-2018-19334
-       RESERVED
+CVE-2018-19335 (Google Monorail before 2018-06-07 has a Cross-Site Search 
(XS-Search) ...)
+       TODO: check
+CVE-2018-19334 (Google Monorail before 2018-05-04 has a Cross-Site Search 
(XS-Search) ...)
+       TODO: check
 CVE-2018-19333 (pkg/sentry/kernel/shm/shm.go in Google gVisor before 
2018-11-01 allows ...)
        NOT-FOR-US: gVisor
 CVE-2018-19332 (An issue was discovered in S-CMS v1.5. There is a CSRF 
vulnerability ...)
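Review bot: CVE-2018-19335 and CVE-2018-19334 move from RESERVED to `TODO: check` with the same truncated Google Monorail XS-Search summary, differing only in the cut-off date (2018-06-07 versus 2018-05-04). Triage them together, along with CVE-2018-10099 further down in this patch, which carries the same summary with 2018-04-04, so that all three end up with the same disposition.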
@@ -693,14 +731,17 @@ CVE-2018-19202
 CVE-2018-19201
        RESERVED
 CVE-2018-19200 (An issue was discovered in uriparser before 0.9.0. UriCommon.c 
allows ...)
+       {DLA-1581-1}
        - uriparser 0.9.0-1 (bug #913817)
        [stretch] - uriparser <no-dsa> (Minor issue)
        NOTE: 
https://github.com/uriparser/uriparser/commit/f58c25069cf4a986fe17a80c5b38687e31feb539
 CVE-2018-19199 (An issue was discovered in uriparser before 0.9.0. UriQuery.c 
allows an ...)
+       {DLA-1581-1}
        - uriparser 0.9.0-1 (bug #913817)
        [stretch] - uriparser <no-dsa> (Minor issue)
        NOTE: 
https://github.com/uriparser/uriparser/commit/f76275d4a91b28d687250525d3a0c5509bbd666f
 CVE-2018-19198 (An issue was discovered in uriparser before 0.9.0. UriQuery.c 
allows an ...)
+       {DLA-1581-1}
        - uriparser 0.9.0-1 (bug #913817)
        [stretch] - uriparser <no-dsa> (Minor issue)
        NOTE: 
https://github.com/uriparser/uriparser/commit/864f5d4c127def386dd5cc926ad96934b297f04e
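Review bot: the three uriparser entries gain `{DLA-1581-1}` but no release-specific fixed-version line is added alongside it; the only release annotation in each entry is still `[stretch] - uriparser <no-dsa> (Minor issue)`. Record the version fixed by the DLA under CVE-2018-19200, CVE-2018-19199 and CVE-2018-19198 so each entry shows which suite the advisory covers and at which version.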
@@ -1475,26 +1516,26 @@ CVE-2018-18867 (An SSRF issue was discovered in tecrail 
Responsive FileManager 9
        NOT-FOR-US: tecrail Responsive FileManager
 CVE-2018-18866
        RESERVED
-CVE-2018-18865
-       RESERVED
-CVE-2018-18864
-       RESERVED
+CVE-2018-18865 (The Royal browser extensions TS before 4.3.60728 (Release Date 
...)
+       TODO: check
+CVE-2018-18864 (Loadbalancer.org Enterprise VA MAX before 8.3.3 has XSS 
because Apache ...)
+       TODO: check
 CVE-2018-18863
        RESERVED
 CVE-2018-18862
        RESERVED
-CVE-2018-18861
-       RESERVED
+CVE-2018-18861 (Buffer overflow in PCMan FTP Server 2.0.7 allows for remote 
code ...)
+       TODO: check
 CVE-2018-18860
        RESERVED
-CVE-2018-18859
-       RESERVED
-CVE-2018-18858
-       RESERVED
-CVE-2018-18857
-       RESERVED
-CVE-2018-18856
-       RESERVED
+CVE-2018-18859 (Multiple local privilege escalation vulnerabilities have been 
...)
+       TODO: check
+CVE-2018-18858 (Multiple local privilege escalation vulnerabilities have been 
...)
+       TODO: check
+CVE-2018-18857 (Multiple local privilege escalation vulnerabilities have been 
...)
+       TODO: check
+CVE-2018-18856 (Multiple local privilege escalation vulnerabilities have been 
...)
+       TODO: check
 CVE-2018-18855
        RESERVED
 CVE-2018-18854 (Lightbend Spray spray-json through 1.3.4 allows remote 
attackers to ...)
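Review bot: CVE-2018-18859 through CVE-2018-18856 are added with the identical truncated summary "Multiple local privilege escalation vulnerabilities have been ...", which names no product, so their `TODO: check` markers cannot be resolved from this list alone. Whoever triages should read the full CVE descriptions and confirm the four are distinct issues before assigning a package or NOT-FOR-US. The other new entries in this hunk (Royal browser extensions TS, Loadbalancer.org Enterprise VA MAX, PCMan FTP Server) do name their product in the summary.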
@@ -1688,12 +1729,12 @@ CVE-2018-18776 (Microstrategy Web, version 7, does not 
sufficiently encode ...)
        NOT-FOR-US: Microstrategy Web
 CVE-2018-18775 (Microstrategy Web, version 7, does not sufficiently encode ...)
        NOT-FOR-US: Microstrategy Web
-CVE-2018-18774
-       RESERVED
-CVE-2018-18773
-       RESERVED
-CVE-2018-18772
-       RESERVED
+CVE-2018-18774 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 
0.9.8.740 ...)
+       TODO: check
+CVE-2018-18773 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 
0.9.8.740 ...)
+       TODO: check
+CVE-2018-18772 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 
0.9.8.740 ...)
+       TODO: check
 CVE-2018-18771 (An issue was discovered in LuLu CMS through 2015-05-14. ...)
        NOT-FOR-US: Lulu CMS
 CVE-2018-18770
@@ -1815,10 +1856,10 @@ CVE-2018-18718 (An issue was discovered in gThumb 
through 3.6.2. There is a doub
        NOTE: Crash in end user application, no security impact
 CVE-2018-18717 (An issue was discovered in Eleanor CMS through 2015-03-19. XSS 
exists ...)
        NOT-FOR-US: Eleanor CMS
-CVE-2018-18716
-       RESERVED
-CVE-2018-18715
-       RESERVED
+CVE-2018-18716 (Zoho ManageEngine OpManager 12.3 before 123219 has a Self XSS 
...)
+       TODO: check
+CVE-2018-18715 (Zoho ManageEngine OpManager 12.3 before 123219 has stored XSS. 
...)
+       TODO: check
 CVE-2018-18714 (RegFilter.sys in IOBit Malware Fighter 6.2 and earlier is 
susceptible ...)
        NOT-FOR-US: IOBit Malware Fighter
 CVE-2018-18713 (The function down_sql_action() in 
/admin/model/database.class.php in ...)
@@ -2212,16 +2253,16 @@ CVE-2018-18567 (AudioCodes 440HD and 450HD devices 
3.1.2.89 and earlier allows .
        NOT-FOR-US: AudioCodes devices
 CVE-2018-18566 (The SIP service in Polycom VVX 500 and 601 devices 5.8.0.12848 
and ...)
        NOT-FOR-US: Polycom
-CVE-2018-18565
-       RESERVED
-CVE-2018-18564
-       RESERVED
-CVE-2018-18563
-       RESERVED
-CVE-2018-18562
-       RESERVED
-CVE-2018-18561
-       RESERVED
+CVE-2018-18565 (An issue was discovered in Roche Accu-Chek Inform II 
Instrument before ...)
+       TODO: check
+CVE-2018-18564 (An issue was discovered in Roche Accu-Chek Inform II 
Instrument before ...)
+       TODO: check
+CVE-2018-18563 (An issue was discovered in Roche Accu-Chek Inform II 
Instrument before ...)
+       TODO: check
+CVE-2018-18562 (An issue was discovered in Roche Accu-Chek Inform II Base Unit 
/ Base ...)
+       TODO: check
+CVE-2018-18561 (An issue was discovered in Roche Accu-Chek Inform II Base Unit 
/ Base ...)
+       TODO: check
 CVE-2018-18560
        RESERVED
 CVE-2018-18559 (In the Linux kernel through 4.19, a use-after-free can occur 
due to a ...)
@@ -2527,13 +2568,11 @@ CVE-2018-18442
        RESERVED
 CVE-2018-18441
        RESERVED
-CVE-2018-18440 [U-Boot insufficient boundary checks in filesystem image load]
-       RESERVED
+CVE-2018-18440 (DENX U-Boot through 2018.09-rc1 has a locally exploitable 
buffer ...)
        - u-boot <unfixed> (unimportant)
        NOTE: https://www.openwall.com/lists/oss-security/2018/11/02/2
        NOTE: No security impact as supported/packaged in Debian
-CVE-2018-18439 [U-Boot insufficient boundary checks in network image boot]
-       RESERVED
+CVE-2018-18439 (DENX U-Boot through 2018.09-rc1 has a remotely exploitable 
buffer ...)
        - u-boot <unfixed> (unimportant)
        NOTE: https://www.openwall.com/lists/oss-security/2018/11/02/2
        NOTE: No security impact as supported/packaged in Debian
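Review bot: for CVE-2018-18439 the replaced summary now reads "remotely exploitable buffer ..." while the entry keeps `- u-boot <unfixed> (unimportant)` and the note "No security impact as supported/packaged in Debian", which states the conclusion without the reason. Extend the NOTE to say why the affected code path does not apply to the Debian package, since the severity tag and the new description otherwise read as contradictory; the same applies to CVE-2018-18440.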
@@ -3881,8 +3920,8 @@ CVE-2018-17950
        RESERVED
 CVE-2018-17949
        RESERVED
-CVE-2018-17948
-       RESERVED
+CVE-2018-17948 (An open redirect vulnerability exists in the Access Manager 
Identity ...)
+       TODO: check
 CVE-2018-17947 (The Snazzy Maps plugin before 1.1.5 for WordPress has XSS via 
the text ...)
        NOT-FOR-US: WordPress plugin snazzy-maps
 CVE-2018-17946 (The Tribulant Slideshow Gallery plugin before 1.6.6.1 for 
WordPress has ...)
@@ -8059,12 +8098,12 @@ CVE-2018-16226 (A vulnerability in the web admin 
component of Mitel MiVoice Offi
        NOT-FOR-US: Mitel
 CVE-2018-16225 (The QBee MultiSensor Camera through 4.16.4 accepts unencrypted 
network ...)
        NOT-FOR-US: QBee MultiSensor Camera
-CVE-2018-16224
-       RESERVED
-CVE-2018-16223
-       RESERVED
-CVE-2018-16222
-       RESERVED
+CVE-2018-16224 (Incorrect access control for the diagnostic files of the 
iSmartAlarm ...)
+       TODO: check
+CVE-2018-16223 (Insecure Cryptographic Storage of credentials in ...)
+       TODO: check
+CVE-2018-16222 (Cleartext Storage of credentials in the iSmartAlarmData.xml 
...)
+       TODO: check
 CVE-2018-16221
        RESERVED
 CVE-2018-16220
@@ -18776,10 +18815,10 @@ CVE-2018-12040 (** DISPUTED ** Reflected Cross-site 
scripting (XSS) vulnerabilit
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1590702
 CVE-2018-12039 (joyplus-cms 1.6.0 allows Remote Code Execution because of an 
Arbitrary ...)
        NOT-FOR-US: joyplus-cms
-CVE-2018-12038
-       RESERVED
-CVE-2018-12037
-       RESERVED
+CVE-2018-12038 (An issue was discovered on Samsung 840 EVO devices. 
Vendor-specific ...)
+       TODO: check
+CVE-2018-12037 (An issue was discovered on Samsung 840 EVO and 850 EVO devices 
(only ...)
+       TODO: check
 CVE-2018-12036 (OWASP Dependency-Check before 3.2.0 allows attackers to write 
to ...)
        NOT-FOR-US: OWASP Dependency-Check
 CVE-2018-12035 (In YARA 3.7.1 and prior, parsing a specially crafted compiled 
rule ...)
@@ -24116,8 +24155,8 @@ CVE-2018-10104
        RESERVED
 CVE-2018-10103
        RESERVED
-CVE-2018-10099
-       RESERVED
+CVE-2018-10099 (Google Monorail before 2018-04-04 has a Cross-Site Search 
(XS-Search) ...)
+       TODO: check
 CVE-2018-10098 (In MicroWorld eScan Internet Security Suite (ISS) for Business 
...)
        NOT-FOR-US: MicroWorld eScan
 CVE-2018-10097 (XSS exists in Domain Trader 2.5.3 via the recoverlogin.php ...)
@@ -47600,8 +47639,8 @@ CVE-2018-1781 (IBM DB2 for Linux, UNIX and Windows 
(includes DB2 Connect Server)
        NOT-FOR-US: IBM
 CVE-2018-1780 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect 
Server) 9.7, ...)
        NOT-FOR-US: IBM
-CVE-2018-1779
-       RESERVED
+CVE-2018-1779 (IBM API Connect 2018.1 through 2018.3.7 could allow an 
unauthenticated ...)
+       TODO: check
 CVE-2018-1778
        RESERVED
 CVE-2018-1777 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is 
vulnerable ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/498809d5cff579d8962790e043fc74cc245d45f7
