Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7c536a39 by security tracker role at 2018-11-30T20:10:20Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,9 +1,11 @@
+CVE-2018-19780
+ RESERVED
CVE-2018-19779
RESERVED
CVE-2018-19778
RESERVED
-CVE-2018-19777
- RESERVED
+CVE-2018-19777 (In Artifex MuPDF 1.14.0, there is an infinite loop in the
function ...)
+ TODO: check
CVE-2018-19776
RESERVED
CVE-2018-19775
@@ -3858,8 +3860,8 @@ CVE-2018-19292
RESERVED
CVE-2018-19291 (An issue discovered in DiliCMS 2.4.0. There is a CSRF
vulnerability ...)
NOT-FOR-US: DiliCMS
-CVE-2018-19290
- RESERVED
+CVE-2018-19290 (In modules/HELPBOT_MODULE in Budabot 0.6 through 4.0, lax
syntax ...)
+ TODO: check
CVE-2018-19289 (An issue was discovered in Valine v1.3.3. It allows HTML
injection, ...)
NOT-FOR-US: Valine
CVE-2018-19288 (Zoho ManageEngine OpManager 12.3 before Build 123223 has XSS
via the ...)
@@ -4891,16 +4893,16 @@ CVE-2018-18989
RESERVED
CVE-2018-18988
RESERVED
-CVE-2018-18987
- RESERVED
+CVE-2018-18987 (VT-Designer Version 2.1.7.31 is vulnerable by the program
populating ...)
+ TODO: check
CVE-2018-18986
RESERVED
CVE-2018-18985
RESERVED
CVE-2018-18984
RESERVED
-CVE-2018-18983
- RESERVED
+CVE-2018-18983 (VT-Designer Version 2.1.7.31 is vulnerable by the program
reading the ...)
+ TODO: check
CVE-2018-18982 (NUUO CMS All versions 3.3 and prior the web server application
allows ...)
NOT-FOR-US: NUUO CMS
CVE-2018-18981
@@ -5174,8 +5176,8 @@ CVE-2018-18862
RESERVED
CVE-2018-18861 (Buffer overflow in PCMan FTP Server 2.0.7 allows for remote
code ...)
NOT-FOR-US: PCMan FTP Server
-CVE-2018-18860
- RESERVED
+CVE-2018-18860 (A local privilege escalation vulnerability has been identified
in the ...)
+ TODO: check
CVE-2018-18859 (Multiple local privilege escalation vulnerabilities have been
...)
NOT-FOR-US: LiquidVPN client for macOS
CVE-2018-18858 (Multiple local privilege escalation vulnerabilities have been
...)
@@ -6537,7 +6539,7 @@ CVE-2018-18312 [Heap-buffer-overflow write in S_regatom
(regcomp.c)]
NOTE: maint-5.28:
https://perl5.git.perl.org/perl.git/commitdiff/9b0464aa670d0a59bda5b75d54f2a6b6f9d1288a
CVE-2018-18311 [Integer overflow leading to buffer overflow and segmentation
fault]
RESERVED
- {DSA-4347-1}
+ {DSA-4347-1 DLA-1601-1}
- perl 5.28.1-1
NOTE: https://rt.perl.org/Ticket/Display.html?id=133204
NOTE: Introduced by:
https://perl5.git.perl.org/perl.git/commitdiff/e658793210bbe632a5e80a876acfcd0984c46b87
@@ -11143,12 +11145,10 @@ CVE-2018-16479
RESERVED
CVE-2018-16478
RESERVED
-CVE-2018-16477 [Bypass vulnerability in Active Storage]
- RESERVED
+CVE-2018-16477 (A bypass vulnerability in Active Storage >= 5.2.0 for
Google Cloud ...)
- rails <not-affected> (Only affects >= 5.2.0; vulnerable code not
present)
NOTE: https://www.openwall.com/lists/oss-security/2018/11/27/5
-CVE-2018-16476 [Broken Access Control vulnerability in Active Job]
- RESERVED
+CVE-2018-16476 (A Broken Access Control vulnerability in Active Job versions
>= 4.2.0 ...)
- rails <unfixed> (bug #914847)
[jessie] - rails <not-affected> (only affects >= 4.2.0)
NOTE: https://www.openwall.com/lists/oss-security/2018/11/27/4
@@ -12098,16 +12098,16 @@ CVE-2018-16099
RESERVED
CVE-2018-16098
RESERVED
-CVE-2018-16097
- RESERVED
+CVE-2018-16097 (LXCI for VMware versions prior to 5.5 and LXCI for Microsoft
System ...)
+ TODO: check
CVE-2018-16096 (In System Management Module (SMM) versions prior to 1.06, the
SMM web ...)
NOT-FOR-US: Lenovo / System Management Module (SMM)
CVE-2018-16095 (In System Management Module (SMM) versions prior to 1.06, the
SMM ...)
NOT-FOR-US: Lenovo / System Management Module (SMM)
CVE-2018-16094 (In System Management Module (SMM) versions prior to 1.06, an
internal ...)
NOT-FOR-US: Lenovo / System Management Module (SMM)
-CVE-2018-16093
- RESERVED
+CVE-2018-16093 (In versions prior to 5.5, LXCI for VMware allows an
authenticated user ...)
+ TODO: check
CVE-2018-16092 (In System Management Module (SMM) versions prior to 1.06, the
FFDC ...)
NOT-FOR-US: Lenovo / System Management Module (SMM)
CVE-2018-16091 (In System Management Module (SMM) versions prior to 1.06, the
SMM ...)
@@ -12854,8 +12854,8 @@ CVE-2018-15836 (In verify_signed_hash() in
lib/liboswkeys/signatures.c in Opensw
- openswan <removed>
NOTE:
https://github.com/xelerance/Openswan/commit/0b460be9e287fd335c8ce58129c67bf06065ef51
NOTE: https://lists.openswan.org/pipermail/users/2018-August/023761.html
-CVE-2018-15835
- RESERVED
+CVE-2018-15835 (Android 1.0 through 9.0 has Insecure Permissions. The Android
bug ID ...)
+ TODO: check
CVE-2018-15834 (In radare2 before 2.9.0, a heap overflow vulnerability exists
in the ...)
- radare2 2.9.0+dfsg-1
[stretch] - radare2 <no-dsa> (Minor issue)
@@ -12994,10 +12994,10 @@ CVE-2018-15770
RESERVED
CVE-2018-15769 (RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in
4.0.x ...)
NOT-FOR-US: RSA BSAFE Micro Edition Suite
-CVE-2018-15768
- RESERVED
-CVE-2018-15767
- RESERVED
+CVE-2018-15768 (Dell OpenManage Network Manager versions prior to 6.5.0
enabled ...)
+ TODO: check
+CVE-2018-15767 (The Dell OpenManage Network Manager virtual appliance versions
prior ...)
+ TODO: check
CVE-2018-15766 (On install, Dell Encryption versions prior 10.0.1 and Dell
Endpoint ...)
NOT-FOR-US: Dell
CVE-2018-15765 (Dell EMC Secure Remote Services, versions prior to 3.32.00.08,
...)
@@ -15738,8 +15738,7 @@ CVE-2018-14638 (A flaw was found in 389-ds-base before
version 1.3.8.4-13. The p
- 389-ds-base 1.4.0.18-1 (bug #908859)
[jessie] - 389-ds-base <not-affected> (Vulnerable code not present)
NOTE:
https://pagure.io/389-ds-base/c/78fc627accacfa4061ce48977e22301f81ea8d73
-CVE-2018-14637
- RESERVED
+CVE-2018-14637 (The SAML broker consumer endpoint in Keycloak before version
...)
NOT-FOR-US: Keycloak
CVE-2018-14636 (Live-migrated instances are briefly able to inspect traffic
for other ...)
- neutron <unfixed> (low)
@@ -30435,8 +30434,8 @@ CVE-2018-9074 (For some Iomega, Lenovo, LenovoEMC NAS
devices versions 4.1.402.3
NOT-FOR-US: Lenovo
CVE-2018-9073 (Lenovo Chassis Management Module (CMM) prior to version 2.0.0
utilizes ...)
NOT-FOR-US: Lenovo Chassis Management Module
-CVE-2018-9072
- RESERVED
+CVE-2018-9072 (In versions prior to 5.5, LXCI for VMware allows an
authenticated user ...)
+ TODO: check
CVE-2018-9071 (Lenovo Chassis Management Module (CMM) prior to version 2.0.0
allows ...)
NOT-FOR-US: Lenovo Chassis Management Module
CVE-2018-9070 (For the Lenovo Smart Assistant Android app versions earlier
than ...)
@@ -33568,10 +33567,10 @@ CVE-2018-7833
RESERVED
CVE-2018-7832
RESERVED
-CVE-2018-7831
- RESERVED
-CVE-2018-7830
- RESERVED
+CVE-2018-7831 (An Improper Neutralization of Script-Related HTML Tags in a Web
Page ...)
+ TODO: check
+CVE-2018-7830 (Improper Neutralization of CRLF Sequences in HTTP Headers
('HTTP ...)
+ TODO: check
CVE-2018-7829
RESERVED
CVE-2018-7828
@@ -33608,18 +33607,18 @@ CVE-2018-7813
RESERVED
CVE-2018-7812
RESERVED
-CVE-2018-7811
- RESERVED
-CVE-2018-7810
- RESERVED
-CVE-2018-7809
- RESERVED
+CVE-2018-7811 (An Unverified Password Change vulnerability exists in the
embedded web ...)
+ TODO: check
+CVE-2018-7810 (An Improper Neutralization of Input During Web Page Generation
...)
+ TODO: check
+CVE-2018-7809 (An Unverified Password Change vulnerability exists in the
embedded web ...)
+ TODO: check
CVE-2018-7808
RESERVED
-CVE-2018-7807
- RESERVED
-CVE-2018-7806
- RESERVED
+CVE-2018-7807 (Data Center Expert, versions 7.5.0 and earlier, allows for the
upload ...)
+ TODO: check
+CVE-2018-7806 (Data Center Operation allows for the upload of a zip file from
its ...)
+ TODO: check
CVE-2018-7805
RESERVED
CVE-2018-7804
@@ -45161,8 +45160,8 @@ CVE-2018-3950
RESERVED
CVE-2018-3949
RESERVED
-CVE-2018-3948
- RESERVED
+CVE-2018-3948 (An exploitable denial-of-service vulnerability exists in the
...)
+ TODO: check
CVE-2018-3947 (An exploitable information disclosure vulnerability exists in
the ...)
NOT-FOR-US: Yi Home Camera
CVE-2018-3946 (An exploitable use-after-free vulnerability exists in the
JavaScript ...)
@@ -51104,10 +51103,10 @@ CVE-2018-1930
RESERVED
CVE-2018-1929
RESERVED
-CVE-2018-1928
- RESERVED
-CVE-2018-1927
- RESERVED
+CVE-2018-1928 (IBM StoredIQ 7.6.0 does not implement proper authorization of
user ...)
+ TODO: check
+CVE-2018-1927 (IBM StoredIQ 7.6 is vulnerable to cross-site request forgery
which ...)
+ TODO: check
CVE-2018-1926
RESERVED
CVE-2018-1925
@@ -51166,8 +51165,8 @@ CVE-2018-1899
RESERVED
CVE-2018-1898
RESERVED
-CVE-2018-1897
- RESERVED
+CVE-2018-1897 (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5., and 11.1
...)
+ TODO: check
CVE-2018-1896
RESERVED
CVE-2018-1895
@@ -55676,8 +55675,8 @@ CVE-2018-0718 (Command injection vulnerability in Music
Station 5.1.2 and earlie
NOT-FOR-US: Music Station
CVE-2018-0717
RESERVED
-CVE-2018-0716
- RESERVED
+CVE-2018-0716 (Cross-site scripting vulnerability in QTS 4.2.6 build 20180711,
QTS ...)
+ TODO: check
CVE-2018-0715 (Cross-site scripting vulnerability in QNAP Photo Station
versions ...)
NOT-FOR-US: QNAP Photo Station
CVE-2018-0714 (Command injection vulnerability in Helpdesk versions 1.1.21 and
...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7c536a399a9d7e956e6ebb375279ee201ca93675
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7c536a399a9d7e956e6ebb375279ee201ca93675
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
