Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b725d6aa by security tracker role at 2018-11-28T20:10:21Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,123 @@
+CVE-2019-1564
+       RESERVED
+CVE-2019-1563
+       RESERVED
+CVE-2019-1562
+       RESERVED
+CVE-2019-1561
+       RESERVED
+CVE-2019-1560
+       RESERVED
+CVE-2019-1559
+       RESERVED
+CVE-2019-1558
+       RESERVED
+CVE-2019-1557
+       RESERVED
+CVE-2019-1556
+       RESERVED
+CVE-2019-1555
+       RESERVED
+CVE-2019-1554
+       RESERVED
+CVE-2019-1553
+       RESERVED
+CVE-2019-1552
+       RESERVED
+CVE-2019-1551
+       RESERVED
+CVE-2019-1550
+       RESERVED
+CVE-2019-1549
+       RESERVED
+CVE-2019-1548
+       RESERVED
+CVE-2019-1547
+       RESERVED
+CVE-2019-1546
+       RESERVED
+CVE-2019-1545
+       RESERVED
+CVE-2019-1544
+       RESERVED
+CVE-2019-1543
+       RESERVED
+CVE-2019-1542
+       RESERVED
+CVE-2019-1541
+       RESERVED
+CVE-2019-1540
+       RESERVED
+CVE-2019-1539
+       RESERVED
+CVE-2019-1538
+       RESERVED
+CVE-2019-1537
+       RESERVED
+CVE-2019-1536
+       RESERVED
+CVE-2019-1535
+       RESERVED
+CVE-2018-19649
+       RESERVED
+CVE-2018-19648
+       RESERVED
+CVE-2018-19647
+       RESERVED
+CVE-2018-19646 (The Python CGI scripts in PWS in Imperva SecureSphere 13.0.10, 
13.1.10, ...)
+       TODO: check
+CVE-2018-19645
+       RESERVED
+CVE-2018-19644
+       RESERVED
+CVE-2018-19643
+       RESERVED
+CVE-2018-19642
+       RESERVED
+CVE-2018-19641
+       RESERVED
+CVE-2018-19640
+       RESERVED
+CVE-2018-19639
+       RESERVED
+CVE-2018-19638
+       RESERVED
+CVE-2018-19637
+       RESERVED
+CVE-2018-19636
+       RESERVED
+CVE-2018-19635
+       RESERVED
+CVE-2018-19634
+       RESERVED
+CVE-2018-19633
+       RESERVED
+CVE-2018-19632
+       RESERVED
+CVE-2018-19631
+       RESERVED
+CVE-2018-19630 (cgi_handle_request in uhttpd in OpenWrt through 18.06.1 and 
LEDE ...)
+       TODO: check
+CVE-2018-19629
+       RESERVED
+CVE-2018-19628
+       RESERVED
+CVE-2018-19627
+       RESERVED
+CVE-2018-19626
+       RESERVED
+CVE-2018-19625
+       RESERVED
+CVE-2018-19624
+       RESERVED
+CVE-2018-19623
+       RESERVED
+CVE-2018-19622
+       RESERVED
+CVE-2018-19621 (server/index.php?s=/api/teamMember/save in ShowDoc 2.4.2 has a 
CSRF ...)
+       TODO: check
+CVE-2018-19620 (ShowDoc 2.4.1 allows remote attackers to edit other users' 
notes by ...)
+       TODO: check
 CVE-2018-19619
        RESERVED
 CVE-2018-19618
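Review bot: The four described entries added at the top of the file, CVE-2018-19646 (Imperva SecureSphere), CVE-2018-19630 (uhttpd in OpenWrt), CVE-2018-19621 and CVE-2018-19620 (ShowDoc), land as "TODO: check" with no package line or NOT-FOR-US line, so they carry no tracking state yet. Each needs a triage pass that replaces the TODO with either a source-package line or a NOT-FOR-US entry in the form used elsewhere in this file; the RESERVED blocks need nothing until a description is published.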
@@ -3001,19 +3121,19 @@ CVE-2018-19486 (Git before 2.19.2 on Linux and UNIX 
executes commands from the c
        NOTE: Fixed by: 
https://git.kernel.org/pub/scm/git/git.git/commit/?id=321fd82389742398d2924640ce3a61791fd27d60
        NOTE: Introduced by: 
https://git.kernel.org/pub/scm/git/git.git/commit/?id=e3a434468fecca7c14a6bef32050dfa60534fde6
 CVE-2018-19477 (psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote 
...)
-       {DSA-4346-1}
+       {DSA-4346-1 DLA-1598-1}
        - ghostscript 9.26~dfsg-1
        NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ef252e7dc214bcbd9a2539216aab9202848602bb
 (ghostscript-9.26)
        NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=606a22e77e7f081781e99e44644cd0119f559e03
 (master)
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700168
 CVE-2018-19476 (psi/zicc.c in Artifex Ghostscript before 9.26 allows remote 
attackers ...)
-       {DSA-4346-1}
+       {DSA-4346-1 DLA-1598-1}
        - ghostscript 9.26~dfsg-1
        NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=67d760ab775dae4efe803b5944b0439aa3c0b04a
 (ghostscript-9.26)
        NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=434753adbe8be5534bfb9b7d91746023e8073d16
 (master)
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700169
 CVE-2018-19475 (psi/zdevice2.c in Artifex Ghostscript before 9.26 allows 
remote ...)
-       {DSA-4346-1}
+       {DSA-4346-1 DLA-1598-1}
        - ghostscript 9.26~dfsg-1
        NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3005fcb9bb160af199e761e03bc70a9f249a987e
 (ghostscript-9.26)
        NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=aeea342904978c9fe17d85f4906a0f6fcce2d315
 (master)
@@ -3135,7 +3255,7 @@ CVE-2018-19411 (PRTG Network Monitor before 18.2.40.1683 
allows an authenticated
 CVE-2018-19410 (PRTG Network Monitor before 18.2.40.1683 allows remote 
unauthenticated ...)
        NOT-FOR-US: PRTG Network Monitor
 CVE-2018-19409 (An issue was discovered in Artifex Ghostscript before 9.26. 
...)
-       {DSA-4346-1}
+       {DSA-4346-1 DLA-1598-1}
        - ghostscript 9.26~dfsg-1
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700176
        NOTE: 
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=661e8d8fb8248c38d67958beda32f3a5876d0c3f
@@ -8981,8 +9101,8 @@ CVE-2018-17158
        RESERVED
 CVE-2018-17157
        RESERVED
-CVE-2018-17156
-       RESERVED
+CVE-2018-17156 (In FreeBSD before 11.2-STABLE(r340268) and 11.2-RELEASE-p5, 
due to ...)
+       TODO: check
 CVE-2018-17155 (In FreeBSD before 11.2-STABLE(r338983), 11.2-RELEASE-p4, ...)
        - kfreebsd-10 <unfixed> (unimportant)
        NOTE: https://security.FreeBSD.org/advisories/FreeBSD-EN-18:12.mem.asc
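Review bot: CVE-2018-17156 moves from RESERVED to a FreeBSD description but is left at "TODO: check", while the adjacent CVE-2018-17155 is already tracked as "- kfreebsd-10 <unfixed> (unimportant)" with an advisory NOTE. Triage should decide whether the same kfreebsd-10 treatment applies here and, if it does, add the matching package line and a NOTE pointing at the corresponding FreeBSD advisory.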
@@ -9674,8 +9794,7 @@ CVE-2018-16859 [become password logged in plaintext when 
used with PowerShell on
        - ansible <not-affected> (Only issue when executing Ansible playbooks 
on Windows platforms)
 CVE-2018-16858
        RESERVED
-CVE-2018-16857 [Bad password count in AD DC not always effective]
-       RESERVED
+CVE-2018-16857 (Samba from version 4.9.0 and before version 4.9.3 that have AD 
DC ...)
        - samba 2:4.9.2+dfsg-2
        [stretch] - samba <not-affected> (Vulnerable code not present)
        [jessie] - samba <not-affected> (Vulnerable code not present)
@@ -9695,21 +9814,18 @@ CVE-2018-16854 (A flaw was found in moodle before 
versions 3.6, 3.5.3, 3.4.6, 3.
        - moodle <removed>
        NOTE: https://moodle.org/mod/forum/discuss.php?d=378731
        NOTE: 
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-63183
-CVE-2018-16853 [Samba AD DC S4U2Self Crash in experimental MIT Kerberos 
configuration]
-       RESERVED
+CVE-2018-16853 (Samba from version 4.7.0 has a vulnerability that allows a 
user in a ...)
        - samba 2:4.9.2+dfsg-2 (unimportant)
        [stretch] - samba <not-affected> (Vulnerable code not present)
        [jessie] - samba <not-affected> (Vulnerable code not present)
        NOTE: https://www.samba.org/samba/security/CVE-2018-16853.html
        NOTE: Samba in Debian is built with the default Heimdal Kerberos build
-CVE-2018-16852 [NULL pointer de-reference in Samba AD DC DNS servers]
-       RESERVED
+CVE-2018-16852 (Samba from version 4.9.0 and before version 4.9.3 is 
vulnerable to a ...)
        - samba 2:4.9.2+dfsg-2
        [stretch] - samba <not-affected> (Vulnerable code not present)
        [jessie] - samba <not-affected> (Vulnerable code not present)
        NOTE: https://www.samba.org/samba/security/CVE-2018-16852.html
-CVE-2018-16851 [NULL pointer de-reference in Samba AD DC LDAP server]
-       RESERVED
+CVE-2018-16851 (Samba from version 4.0.0 and before versions 4.7.12, 4.8.7, 
4.9.3 is ...)
        {DSA-4345-1}
        - samba 2:4.9.2+dfsg-2
        NOTE: https://www.samba.org/samba/security/CVE-2018-16851.html
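Review bot: The new descriptions for CVE-2018-16852 and CVE-2018-16851 give 4.9.3 as the fixed release on the 4.9 branch, yet the unchanged package lines under them record the fix in samba 2:4.9.2+dfsg-2. If that upload carried the fixes as patches, a short NOTE saying so under each entry would keep readers from treating the version as a mismatch.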
@@ -9761,8 +9877,7 @@ CVE-2018-16842 (Curl versions 7.14.1 through 7.61.1 are 
vulnerable to a heap-bas
        - curl 7.62.0-1
        NOTE: https://curl.haxx.se/docs/CVE-2018-16842.html
        NOTE: Fixed by: 
https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211
-CVE-2018-16841 [Double-free in Samba AD DC KDC with PKINIT]
-       RESERVED
+CVE-2018-16841 (Samba from version 4.3.0 and before versions 4.7.12, 4.8.7 and 
4.9.3 ...)
        {DSA-4345-1}
        - samba 2:4.9.2+dfsg-2
        [jessie] - samba <not-affected> (Vulnerable code not present)
@@ -13385,8 +13500,8 @@ CVE-2018-15443 (A vulnerability in the detection engine 
of Cisco Firepower Syste
        NOT-FOR-US: Cisco
 CVE-2018-15442 (A vulnerability in the update service of Cisco Webex Meetings 
Desktop ...)
        NOT-FOR-US: Cisco
-CVE-2018-15441
-       RESERVED
+CVE-2018-15441 (A vulnerability in the web framework code of Cisco Prime 
License ...)
+       TODO: check
 CVE-2018-15440
        RESERVED
 CVE-2018-15439 (A vulnerability in the Cisco Small Business Switches software 
could ...)
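Review bot: CVE-2018-15441 is added with "TODO: check" although its description names a Cisco product and both entries above it, CVE-2018-15443 and CVE-2018-15442, are already "NOT-FOR-US: Cisco". Suggest closing it the same way in this update rather than leaving it in the open-triage queue.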
@@ -14945,14 +15060,14 @@ CVE-2018-14751
        RESERVED
 CVE-2018-14750
        RESERVED
-CVE-2018-14749
-       RESERVED
-CVE-2018-14748
-       RESERVED
-CVE-2018-14747
-       RESERVED
-CVE-2018-14746
-       RESERVED
+CVE-2018-14749 (Buffer Overflow vulnerability in QTS 4.3.5 build 20181013, QTS 
4.3.4 ...)
+       TODO: check
+CVE-2018-14748 (Improper Authorization vulnerability in QTS 4.3.5 build 
20181013, QTS ...)
+       TODO: check
+CVE-2018-14747 (NULL Pointer Dereference vulnerability in QTS 4.3.5 build 
20181013, ...)
+       TODO: check
+CVE-2018-14746 (Command Injection vulnerability in QTS 4.3.5 build 20181013, 
QTS 4.3.4 ...)
+       TODO: check
 CVE-2018-14955 (The mail message display page in SquirrelMail through 1.4.22 
has XSS ...)
        {DLA-1484-1}
        - squirrelmail <removed> (bug #905023)
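Review bot: The four QTS entries, CVE-2018-14749 through CVE-2018-14746, replace RESERVED with "TODO: check" and still need a triage decision (package line or NOT-FOR-US). Separately, the trailing context shows CVE-2018-14955 directly after CVE-2018-14746, which breaks the descending order of the surrounding entries; worth checking that the placement is intended.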
@@ -15322,8 +15437,7 @@ CVE-2018-14631 (moodle before versions 3.5.2, 3.4.5, 
3.3.8 is vulnerable to a bo
        - moodle <removed>
 CVE-2018-14630 (moodle before versions 3.5.2, 3.4.5, 3.3.8, 3.1.14 is 
vulnerable to an ...)
        - moodle <removed>
-CVE-2018-14629 [Unprivileged adding of CNAME record causing loop in AD 
Internal DNS server]
-       RESERVED
+CVE-2018-14629 (A denial of service vulnerability was discovered in Samba's 
LDAP ...)
        {DSA-4345-1}
        - samba 2:4.9.2+dfsg-2
        NOTE: https://www.samba.org/samba/security/CVE-2018-14629.html
@@ -18529,7 +18643,7 @@ CVE-2018-13357 (Cross-site scripting in Control Panel 
in TerraMaster TOS version
        NOT-FOR-US: TerraMaster TOS
 CVE-2018-13356 (Incorrect access control on ajaxdata.php in TerraMaster TOS 
version ...)
        NOT-FOR-US: TerraMaster TOS
-CVE-2018-13355 (Cross-site scripting in Control Panel in TerraMaster TOS 
version ...)
+CVE-2018-13355 (Incorrect access controls in ajaxdata.php in TerraMaster TOS 
version ...)
        NOT-FOR-US: TerraMaster TOS
 CVE-2018-13354 (System command injection in logtable.php in TerraMaster TOS 
version ...)
        NOT-FOR-US: TerraMaster TOS
@@ -20915,14 +21029,14 @@ CVE-2017-18320
        RESERVED
 CVE-2017-18319
        RESERVED
-CVE-2017-18318
-       RESERVED
-CVE-2017-18317
-       RESERVED
-CVE-2017-18316
-       RESERVED
-CVE-2017-18315
-       RESERVED
+CVE-2017-18318 (Missing validation check on CRL issuer name in Snapdragon 
Automobile, ...)
+       TODO: check
+CVE-2017-18317 (Restrictions related to the modem (sim lock, sim kill) can be 
bypassed ...)
+       TODO: check
+CVE-2017-18316 (Secure application can access QSEE kernel memory through 
Ontario ...)
+       TODO: check
+CVE-2017-18315 (Buffer over-read vulnerabilities in an older version of ASN.1 
parser ...)
+       TODO: check
 CVE-2017-18314 (In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, 
MDM9607, ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2017-18313 (Under certain mode of operations, HLOS may be able get direct 
or ...)
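Review bot: CVE-2017-18318 through CVE-2017-18315 are left at "TODO: check" even though the first of them names Snapdragon and the entry right below, CVE-2017-18314, is "NOT-FOR-US: Qualcomm components for Android". If these four belong to the same class of component, they should get the same NOT-FOR-US line so they drop out of the open-triage queue.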
@@ -21872,23 +21986,19 @@ CVE-2018-12125
        RESERVED
 CVE-2018-12124
        RESERVED
-CVE-2018-12123
-       RESERVED
+CVE-2018-12123 (Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 
and ...)
        - nodejs <unfixed> (unimportant)
        NOTE: 
https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/
        NOTE: Nodejs not covered by security support
-CVE-2018-12122
-       RESERVED
+CVE-2018-12122 (Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 
and ...)
        - nodejs <unfixed> (unimportant)
        NOTE: 
https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/
        NOTE: Nodejs not covered by security support
-CVE-2018-12121
-       RESERVED
+CVE-2018-12121 (Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 
and ...)
        - nodejs <unfixed> (unimportant)
        NOTE: 
https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/
        NOTE: Nodejs not covered by security support
-CVE-2018-12120
-       RESERVED
+CVE-2018-12120 (Node.js: All versions prior to Node.js 6.15.0: Debugger port 
5858 ...)
        - nodejs 8.9.3~dfsg-5 (unimportant)
        NOTE: 
https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/
        NOTE: Nodejs not covered by security support
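Review bot: For CVE-2018-12120 the description limits the issue to versions prior to Node.js 6.15.0 and the package line records "nodejs 8.9.3~dfsg-5" as fixed, while CVE-2018-12123, CVE-2018-12122 and CVE-2018-12121 sit at <unfixed>. A NOTE stating why 8.9.3~dfsg-5 was chosen as the fixed version for that entry would make the difference easier to audit.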
@@ -21899,8 +22009,7 @@ CVE-2018-12118
        RESERVED
 CVE-2018-12117
        RESERVED
-CVE-2018-12116
-       RESERVED
+CVE-2018-12116 (Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP 
request ...)
        - nodejs <unfixed> (unimportant)
        NOTE: 
https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/
        NOTE: Nodejs not covered by security support
@@ -22226,12 +22335,12 @@ CVE-2018-11998
        RESERVED
 CVE-2018-11997
        RESERVED
-CVE-2018-11996
-       RESERVED
+CVE-2018-11996 (When a malformed command is sent to the device programmer, an 
...)
+       TODO: check
 CVE-2018-11995 (In all android releases(Android for MSM, Firefox OS for MSM, 
QRD ...)
        TODO: check
-CVE-2018-11994
-       RESERVED
+CVE-2018-11994 (SMMU secure camera logic allows secure camera controllers to 
access ...)
+       TODO: check
 CVE-2018-11993
        RESERVED
 CVE-2018-11992
@@ -22377,8 +22486,8 @@ CVE-2018-11923
        RESERVED
 CVE-2018-11922
        RESERVED
-CVE-2018-11921
-       RESERVED
+CVE-2018-11921 (Failure condition is not handled properly and the correct 
error code ...)
+       TODO: check
 CVE-2018-11920
        RESERVED
 CVE-2018-11919 (In all android releases(Android for MSM, Firefox OS for MSM, 
QRD ...)
@@ -24191,8 +24300,8 @@ CVE-2018-11266 (In all android releases(Android for 
MSM, Firefox OS for MSM, QRD
        TODO: check
 CVE-2018-11265 (In all android releases (Android for MSM, Firefox OS for MSM, 
QRD ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11264
-       RESERVED
+CVE-2018-11264 (Possible buffer overflow in Ontario fingerprint code due to 
lack of ...)
+       TODO: check
 CVE-2018-11263 (In all Android releases (Android for MSM, Firefox OS for MSM, 
QRD ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11262 (In Android for MSM, Firefox OS for MSM, and QRD Android with 
all ...)
@@ -34263,7 +34372,7 @@ CVE-2018-7490 (uWSGI before 2.0.17 mishandles a 
DOCUMENT_ROOT check during use o
        NOTE: Fixed in 2.0.17 upstream
        NOTE: 
https://github.com/unbit/uwsgi/commit/0a480f435ea6feb63deb410ad2bf376ed3f05f8a
        NOTE: https://blog.runesec.com/2018/03/01/uwsgi-path-traversal/
-CVE-2018-7489 (FasterXML jackson-databind before 2.8.11.1 and 2.9.x before 
2.9.5 ...)
+CVE-2018-7489 (FasterXML jackson-databind before 2.7.9.3, 2.8.x before 
2.8.11.1 and ...)
        {DSA-4190-1}
        - jackson-databind 2.9.5-1 (bug #891614)
        NOTE: https://github.com/FasterXML/jackson-databind/issues/1931
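Review bot: The updated CVE-2018-7489 description now also lists a fix on the 2.7 line ("before 2.7.9.3"), but the entry below it is unchanged: {DSA-4190-1} and "- jackson-databind 2.9.5-1". Worth confirming that no supported suite ships a 2.7.x jackson-databind that the existing status lines do not account for.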
@@ -39578,20 +39687,20 @@ CVE-2018-5920
        RESERVED
 CVE-2018-5919 (In all android releases(Android for MSM, Firefox OS for MSM, 
QRD ...)
        TODO: check
-CVE-2018-5918
-       RESERVED
-CVE-2018-5917
-       RESERVED
-CVE-2018-5916
-       RESERVED
+CVE-2018-5918 (Possible buffer overflow in DRM Trusted application due to lack 
of ...)
+       TODO: check
+CVE-2018-5917 (Possible buffer overflow in OEM crypto function due to improper 
input ...)
+       TODO: check
+CVE-2018-5916 (Buffer overread while decoding PDP modify request or network 
initiated ...)
+       TODO: check
 CVE-2018-5915
        RESERVED
 CVE-2018-5914 (Improper input validation in TZ led to array out of bound in TZ 
...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5913
        RESERVED
-CVE-2018-5912
-       RESERVED
+CVE-2018-5912 (Potential buffer overflow in Video due to lack of input 
validation in ...)
+       TODO: check
 CVE-2018-5911
        RESERVED
 CVE-2018-5910 (In all android releases(Android for MSM, Firefox OS for MSM, 
QRD ...)
@@ -39660,8 +39769,8 @@ CVE-2018-5879
        RESERVED
 CVE-2018-5878 (While sending the response to a RIL_REQUEST_GET_SMSC_ADDRESS 
message, ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2018-5877
-       RESERVED
+CVE-2018-5877 (In the device programmer target-side code for firehose, a 
string may ...)
+       TODO: check
 CVE-2018-5876 (While parsing an mp4 file, a buffer overflow can occur in 
Snapdragon ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5875 (While parsing an mp4 file, an integer overflow leading to a 
buffer ...)
@@ -39677,8 +39786,8 @@ CVE-2018-5872 (While parsing over-the-air information 
elements in all Android ..
        NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5871 (In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, 
MDM9607, ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2018-5870
-       RESERVED
+CVE-2018-5870 (While loading a service image, an untrusted pointer dereference 
can ...)
+       TODO: check
 CVE-2018-5869
        RESERVED
 CVE-2018-5868
@@ -40619,8 +40728,8 @@ CVE-2018-5561
        RESERVED
 CVE-2018-5560
        RESERVED
-CVE-2018-5559
-       RESERVED
+CVE-2018-5559 (In Rapid7 Komand version 0.41.0 and prior, certain endpoints 
that are ...)
+       TODO: check
 CVE-2018-5558
        RESERVED
 CVE-2018-5557
@@ -51357,8 +51466,8 @@ CVE-2018-1586
        RESERVED
 CVE-2018-1585 (IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 
through ...)
        NOT-FOR-US: IBM Rational Rhapsody Design Manager
-CVE-2018-1584
-       RESERVED
+CVE-2018-1584 (IBM Maximo Asset Management 7.6 is vulnerable to cross-site 
scripting. ...)
+       TODO: check
 CVE-2018-1583 (IBM StoredIQ 7.6 could allow an authenticated attacker to 
bypass ...)
        NOT-FOR-US: IBM
 CVE-2018-1582
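Review bot: CVE-2018-1584 (IBM Maximo Asset Management) is left at "TODO: check" while the IBM entries on either side of it, CVE-2018-1585 and CVE-2018-1583, are already NOT-FOR-US. Suggest marking it NOT-FOR-US in the same form, naming the product as the CVE-2018-1585 line does.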



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b725d6aa4e0fb0322da574b399250f6f3b45449b
